From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 16 Feb 2025 16:43:29 +0000 (+0000)
Subject: passwords: Run a quality check before accepting the password
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=102d05942ec1ded0cd69876e35a9d3dec577ab32;p=people%2Fms%2Fbricklayer.git

passwords: Run a quality check before accepting the password

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/configure.ac b/configure.ac
index df77009..e8e12cb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -40,6 +40,7 @@ AC_PROG_MKDIR_P
 
 AX_PYTHON_MODULE([pakfire], [fatal])
 AX_PYTHON_MODULE([parted], [fatal])
+AX_PYTHON_MODULE([pwquality], [fatal])
 AX_PYTHON_MODULE([pytz], [fatal])
 AX_PYTHON_MODULE([snack], [fatal])
 
diff --git a/src/python/tui.py b/src/python/tui.py
index 3bb91aa..c9c3028 100644
--- a/src/python/tui.py
+++ b/src/python/tui.py
@@ -19,6 +19,7 @@
 ###############################################################################
 
 import logging
+import pwquality
 import snack
 
 from .errors import *
@@ -425,6 +426,12 @@ class ProgressWindowCallbacks(object):
 
 
 class PasswordWindow(ButtonsWindow):
+	def __init__(self, *args, **kwargs):
+		ButtonsWindow.__init__(self, *args, **kwargs)
+
+		# Initialize pwquality
+		self.pwquality = pwquality.PWQSettings()
+
 	@property
 	def default_buttons(self):
 		return (
@@ -467,23 +474,34 @@ class PasswordWindow(ButtonsWindow):
 		password1 = self.password1.value()
 		password2 = self.password2.value()
 
-		# Has something been entered?
-		if not password1:
-			self.tui.message(
-				_("Error"),
-				_("You must enter a password"),
-				buttons=[_("OK")],
-			)
-			raise TryAgainError
+		try:
+			# Has something been entered?
+			if not password1:
+				raise TryAgainError(_("You must enter a password"))
 
-		# Do the passwords match?
-		if not password1 == password2:
+			# Do the passwords match?
+			elif not password1 == password2:
+				raise TryAgainError(_("The entered passwords do not match"))
+
+			# Check if the password is strong enough
+			try:
+				self.pwquality.check(password1, None, "root")
+
+			except pwquality.PWQError as e:
+				code, message = e.args
+
+				# Show the message to the user
+				raise TryAgainError("%s" % message) from e
+
+		except TryAgainError as e:
 			self.tui.message(
 				_("Error"),
-				_("The entered passwords do not match"),
-				buttons=[_("OK")],
+				"%s" % e,
+				buttons=[_("OK")]
 			)
-			raise TryAgainError
+
+			# Re-raise the error
+			raise e
 
 		# Return the password to the caller
 		return password1