1
0
mirror of https://github.com/kakwa/ldapcherry synced 2024-11-24 02:14:20 +01:00

add more possibility for validation of password

Add possibility to check for a certain number of lower, punctuation
characters and a number of rule to check among min_lower, min_upper,
min_digit, min_punct.
This commit is contained in:
Thomas BURGUIERE 2019-02-11 19:46:50 +01:00
parent 245bafb01c
commit 5b28b68040
6 changed files with 56 additions and 7 deletions

View File

@ -185,8 +185,12 @@ ppolicy.module = 'ldapcherry.ppolicy.simple'
# parameters of the module # parameters of the module
min_length = 8 min_length = 8
min_lower = 1
min_upper = 1 min_upper = 1
min_digit = 1 min_digit = 1
min_punct = 1
# number of rules (among: min_lower, min_upper, min_digit, min_punct) to respect for a correct password
min_point = 4
# authentification parameters # authentification parameters
[auth] [auth]

View File

@ -16,3 +16,5 @@ sed -i "s|ldap.admin.groups.*|ldap.admin.groups = '$GROUPS'|" $ROOT/ldapcherry-d
sed -i "s|^min_length.*|min_length = 3|" $ROOT/ldapcherry-dev.ini sed -i "s|^min_length.*|min_length = 3|" $ROOT/ldapcherry-dev.ini
sed -i "s|^min_upper.*|min_upper = 0|" $ROOT/ldapcherry-dev.ini sed -i "s|^min_upper.*|min_upper = 0|" $ROOT/ldapcherry-dev.ini
sed -i "s|^min_digit.*|min_digit = 0|" $ROOT/ldapcherry-dev.ini sed -i "s|^min_digit.*|min_digit = 0|" $ROOT/ldapcherry-dev.ini
sed -i "s|^min_punct.*|min_punct = 0|" $ROOT/ldapcherry-dev.ini
sed -i "s|^min_point.*|min_point = 0|" $ROOT/ldapcherry-dev.ini

View File

@ -7,6 +7,7 @@
import ldapcherry.ppolicy import ldapcherry.ppolicy
import re import re
import string
class PPolicy(ldapcherry.ppolicy.PPolicy): class PPolicy(ldapcherry.ppolicy.PPolicy):
@ -14,27 +15,57 @@ class PPolicy(ldapcherry.ppolicy.PPolicy):
def __init__(self, config, logger): def __init__(self, config, logger):
self.config = config self.config = config
self.min_length = self.get_param('min_length') self.min_length = self.get_param('min_length')
self.min_lower = self.get_param('min_lower')
self.min_upper = self.get_param('min_upper') self.min_upper = self.get_param('min_upper')
self.min_digit = self.get_param('min_digit') self.min_digit = self.get_param('min_digit')
self.min_punct = self.get_param('min_punct')
self.min_point = self.get_param('min_point')
def check(self, password): def check(self, password):
point = 0
reason = 'Not enough complexity'
if len(password) < self.min_length: if len(password) < self.min_length:
return {'match': False, 'reason': 'Password too short'} return {'match': False, 'reason': 'Password too short'}
if len(re.findall(r'[a-z]', password)) < self.min_lower:
reason = 'Not enough lower case characters'
else:
point += 1
if len(re.findall(r'[A-Z]', password)) < self.min_upper: if len(re.findall(r'[A-Z]', password)) < self.min_upper:
return { reason = 'Not enough upper case characters'
'match': False, else:
'reason': 'Not enough upper case characters' point += 1
}
if len(re.findall(r'[0-9]', password)) < self.min_digit: if len(re.findall(r'[0-9]', password)) < self.min_digit:
return {'match': False, 'reason': 'Not enough digits'} reason = 'Not enough digits'
else:
point += 1
punctuation = 0
for char in password:
if char in string.punctuation:
punctuation += 1
if punctuation < self.min_punct:
reason = 'Not enough special caracter'
else:
point += 1
if point < self.min_point:
return {'match': False, 'reason': reason}
return {'match': True, 'reason': 'password ok'} return {'match': True, 'reason': 'password ok'}
def info(self): def info(self):
return \ return \
"* Minimum length: %(len)d\n" \ "* Minimum length: %(len)d\n" \
"* Minimum number of lowercase characters: %(lower)d\n" \
"* Minimum number of uppercase characters: %(upper)d\n" \ "* Minimum number of uppercase characters: %(upper)d\n" \
"* Minimum number of digits: %(digit)d" % { "* Minimum number of digits: %(digit)d\n" \
'upper': self.min_upper, "* Minimum number of punctuation characters: %(punct)d" % {
'len': self.min_length, 'len': self.min_length,
'lower': self.min_lower,
'upper': self.min_upper,
'digit': self.min_digit 'digit': self.min_digit
'punct': self.min_punct,
} }

View File

@ -108,8 +108,12 @@ ppolicy.module = 'ldapcherry.ppolicy.simple'
# parameters of the module # parameters of the module
min_length = 8 min_length = 8
min_lower = 1
min_upper = 1 min_upper = 1
min_digit = 1 min_digit = 1
min_punct = 1
# number of rules (among: min_lower, min_upper, min_digit, min_punct) to respect for a correct password
min_point = 4
# resources parameters # resources parameters
[resources] [resources]

View File

@ -145,8 +145,12 @@ ppolicy.module = 'ldapcherry.ppolicy.simple'
# parameters of the module # parameters of the module
min_length = 8 min_length = 8
min_lower = 1
min_upper = 1 min_upper = 1
min_digit = 1 min_digit = 1
min_punct = 1
# number of rules (among: min_lower, min_upper, min_digit, min_punct) to respect for a correct password
min_point = 4
# authentification parameters # authentification parameters
[auth] [auth]

View File

@ -112,8 +112,12 @@ ppolicy.module = 'ldapcherry.ppolicy.simple'
# parameters of the module # parameters of the module
min_length = 2 min_length = 2
min_lower = 0
min_upper = 0 min_upper = 0
min_digit = 0 min_digit = 0
min_punct = 0
# number of rules (among: min_lower, min_upper, min_digit, min_punct) to respect for a correct password
min_point = 0
# resources parameters # resources parameters
[resources] [resources]