From 6b582a4f28a8d4af24d2d32a2c3a4358c928d9c9 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 23 Oct 2018 10:13:05 +0100
Subject: [PATCH] people: Do not allow setting weak passwords
Signed-off-by: Michael Tremer
---
 requirements.txt | 1 +
 src/backend/accounts.py | 19 +++++++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 30d61b2c..cf11beb7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -26,3 +26,4 @@ sshpubkeys==3.1.0
 textile==3.0.3
 tornado==4.4.2
 webencodings==0.5.1
+zxcvbn==4.4.27
diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 605a2b0b..07f141f7 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -12,6 +12,7 @@ import phonenumbers
 import sshpubkeys
 import urllib.parse
 import urllib.request
+import zxcvbn
 from . import util
 from .decorators import *
@@ -274,11 +275,16 @@ class Account(Object):
 def _delete_string(self, key, value):
 return self._delete_strings(key, [value,])
- def passwd(self, new_password):
+ def passwd(self, password):
 """
 Sets a new password
 """
- self.ldap.passwd_s(self.dn, None, new_password)
+ # The new password must have a score of 3 or better
+ quality = self.check_password_quality(password)
+ if quality["score"] < 3:
+ raise ValueError("Password too weak")
+
+ self.ldap.passwd_s(self.dn, None, password)
 def check_password(self, password):
 """
@@ -306,6 +312,15 @@ class Account(Object):
 return True
+ def check_password_quality(self, password):
 """
 Passwords are passed through zxcvbn to make sure
 that they are strong enough.
 """
 return zxcvbn.zxcvbn(password, user_inputs=(
 self.first_name, self.last_name,
 ))
+
 def is_admin(self):
 return "wheel" in self.groups
--
2.39.2
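Review bot: `raise ValueError("Password too weak")` in the new `passwd` body discards the explanation zxcvbn returns, so a user rejected by this check gets no hint about what to change; the result dict carries a `feedback` entry with a `warning` and `suggestions`, and something like `raise ValueError("Password too weak: %s" % quality["feedback"]["warning"])` makes the rejection actionable without exposing anything beyond the user's own input. The docstring should also record the new contract — that the method raises `ValueError` when the zxcvbn score is below 3 — since callers of the previous version had no failure path to handle. Renaming the parameter from `new_password` to `password` is a visible interface change, so any caller passing it by keyword will now fail with a `TypeError`; those callers are outside this hunk and worth a grep before merging. As far as I know zxcvbn's matching cost grows quickly with input length, so a sanity cap on the length scored is cheap insurance against a single slow request.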
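Review bot: `user_inputs=(self.first_name, self.last_name,)` in `check_password_quality` forwards whatever the account holds, and nothing in the hunk shows that both attributes are always non-empty strings; if either can be None or absent, confirm that zxcvbn tolerates it, or filter with `user_inputs=[x for x in (self.first_name, self.last_name) if x]`. The login name and mail address are the tokens most commonly recycled into passwords, so if Account exposes them (not visible here) they belong in that same list. The docstring only says the password is passed through zxcvbn; it should state what is returned — zxcvbn's result dict, whose `score` (0–4) is what `passwd` tests — so future callers do not have to read the library to use it.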