From 5b28b68040019c3bab51876268a8075c0849370b Mon Sep 17 00:00:00 2001
From: Thomas BURGUIERE
Date: Mon, 11 Feb 2019 19:46:50 +0100
Subject: [PATCH] add more possibility for validation of password Add possibility to check for a certain number of lower, punctuation characters and a number of rule to check among min_lower, min_upper, min_digit, min_punct.
---
 conf/ldapcherry.ini | 4 ++
 goodies/gen-dev-conf.sh | 2 +
 ldapcherry/ppolicy/simple.py | 45 +++++++++++++++++---
 tests/cfg/ldapcherry.ini | 4 ++
 tests/cfg/ldapcherry_adldap.cfg | 4 ++
 tests/test_env/etc/ldapcherry/ldapcherry.ini | 4 ++
 6 files changed, 56 insertions(+), 7 deletions(-)
diff --git a/conf/ldapcherry.ini b/conf/ldapcherry.ini
index c5de286..2cccf76 100644
--- a/conf/ldapcherry.ini
+++ b/conf/ldapcherry.ini
@@ -185,8 +185,12 @@ ppolicy.module = 'ldapcherry.ppolicy.simple'
 # parameters of the module
 min_length = 8
+min_lower = 1
 min_upper = 1
 min_digit = 1
+min_punct = 1
+# number of rules (among: min_lower, min_upper, min_digit, min_punct) to respect for a correct password
+min_point = 4
 # authentification parameters
 [auth]
diff --git a/goodies/gen-dev-conf.sh b/goodies/gen-dev-conf.sh
index 432da6f..caa84cf 100755
--- a/goodies/gen-dev-conf.sh
+++ b/goodies/gen-dev-conf.sh
@@ -16,3 +16,5 @@ sed -i "s|ldap.admin.groups.*|ldap.admin.groups = '$GROUPS'|" $ROOT/ldapcherry-d
 sed -i "s|^min_length.*|min_length = 3|" $ROOT/ldapcherry-dev.ini
 sed -i "s|^min_upper.*|min_upper = 0|" $ROOT/ldapcherry-dev.ini
 sed -i "s|^min_digit.*|min_digit = 0|" $ROOT/ldapcherry-dev.ini
+sed -i "s|^min_punct.*|min_punct = 0|" $ROOT/ldapcherry-dev.ini
+sed -i "s|^min_point.*|min_point = 0|" $ROOT/ldapcherry-dev.ini
diff --git a/ldapcherry/ppolicy/simple.py b/ldapcherry/ppolicy/simple.py
index ce50ff0..ccdbe93 100644
--- a/ldapcherry/ppolicy/simple.py
+++ b/ldapcherry/ppolicy/simple.py
@@ -7,6 +7,7 @@ import ldapcherry.ppolicy import re +import string class PPolicy(ldapcherry.ppolicy.PPolicy):
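Review bot: The two added `sed` lines in goodies/gen-dev-conf.sh relax `min_punct` and `min_point`, but nothing resets `min_lower`, which this commit introduces with a value of 1 in conf/ldapcherry.ini. With `min_point = 0` the character-class rules can no longer reject a password, so the effect is presumably limited to `info()` still advertising one lowercase character in the dev setup, assuming the dev file is derived from that ini. For consistency with the neighbouring lines, add `sed -i "s|^min_lower.*|min_lower = 0|" $ROOT/ldapcherry-dev.ini`. The script starts above this hunk.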
@@ -14,27 +15,57 @@ class PPolicy(ldapcherry.ppolicy.PPolicy): def __init__(self, config, logger): self.config = config self.min_length = self.get_param('min_length') + self.min_lower = self.get_param('min_lower') self.min_upper = self.get_param('min_upper') self.min_digit = self.get_param('min_digit') + self.min_punct = self.get_param('min_punct') + self.min_point = self.get_param('min_point') def check(self, password): + point = 0 + reason = 'Not enough complexity' + if len(password) < self.min_length: return {'match': False, 'reason': 'Password too short'} + + if len(re.findall(r'[a-z]', password)) < self.min_lower: + reason = 'Not enough lower case characters' + else: + point += 1 if len(re.findall(r'[A-Z]', password)) < self.min_upper: - return { - 'match': False, - 'reason': 'Not enough upper case characters' - } + reason = 'Not enough upper case characters' + else: + point += 1 + if len(re.findall(r'[0-9]', password)) < self.min_digit: - return {'match': False, 'reason': 'Not enough digits'} + reason = 'Not enough digits' + else: + point += 1 + + punctuation = 0 + for char in password: + if char in string.punctuation: + punctuation += 1 + if punctuation < self.min_punct: + reason = 'Not enough special caracter' + else: + point += 1 + + if point < self.min_point: + return {'match': False, 'reason': reason} + return {'match': True, 'reason': 'password ok'} def info(self): return \ "* Minimum length: %(len)d\n" \ + "* Minimum number of lowercase characters: %(lower)d\n" \ "* Minimum number of uppercase characters: %(upper)d\n" \ - "* Minimum number of digits: %(digit)d" % { - 'upper': self.min_upper, + "* Minimum number of digits: %(digit)d\n" \ + "* Minimum number of punctuation characters: %(punct)d" % { 'len': self.min_length, + 'lower': self.min_lower, + 'upper': self.min_upper, 'digit': self.min_digit + 'punct': self.min_punct, }
diff --git a/tests/cfg/ldapcherry.ini b/tests/cfg/ldapcherry.ini
index 3551119..03b0461 100644
--- a/tests/cfg/ldapcherry.ini
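Review bot: In `info()`, the unchanged entry `'digit': self.min_digit` has no trailing comma, so the added `'punct': self.min_punct,` after it makes the dict literal a syntax error and, as shown, the password policy module cannot be imported; the line should read `'digit': self.min_digit,`. In `check()`, a rule scores a point whenever its count reaches the configured minimum, so a rule set to 0 always scores and a `min_point` below 4 then enforces fewer real character classes than the number suggests; counting only rules whose minimum is greater than zero, or documenting this beside `min_point`, would avoid a weaker policy than the administrator intended. `info()` lists the four minimums without mentioning `min_point`, so users are shown requirements the check may not enforce, and the returned reason is only the last rule that failed. The `[a-z]`, `[A-Z]` and `string.punctuation` tests count ASCII characters only, which deserves a comment since non-ASCII letters and symbols satisfy no class. Class `PPolicy` begins above this hunk.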
+++ b/tests/cfg/ldapcherry.ini
@@ -108,8 +108,12 @@ ppolicy.module = 'ldapcherry.ppolicy.simple'
 # parameters of the module
 min_length = 8
+min_lower = 1
 min_upper = 1
 min_digit = 1
+min_punct = 1
+# number of rules (among: min_lower, min_upper, min_digit, min_punct) to respect for a correct password
+min_point = 4
 # resources parameters
 [resources]
diff --git a/tests/cfg/ldapcherry_adldap.cfg b/tests/cfg/ldapcherry_adldap.cfg
index ab035d2..68de1e6 100644
--- a/tests/cfg/ldapcherry_adldap.cfg
+++ b/tests/cfg/ldapcherry_adldap.cfg
@@ -145,8 +145,12 @@ ppolicy.module = 'ldapcherry.ppolicy.simple'
 # parameters of the module
 min_length = 8
+min_lower = 1
 min_upper = 1
 min_digit = 1
+min_punct = 1
+# number of rules (among: min_lower, min_upper, min_digit, min_punct) to respect for a correct password
+min_point = 4
 # authentification parameters
 [auth]
diff --git a/tests/test_env/etc/ldapcherry/ldapcherry.ini b/tests/test_env/etc/ldapcherry/ldapcherry.ini
index d41f53d..8c571e2 100644
--- a/tests/test_env/etc/ldapcherry/ldapcherry.ini
+++ b/tests/test_env/etc/ldapcherry/ldapcherry.ini
@@ -112,8 +112,12 @@ ppolicy.module = 'ldapcherry.ppolicy.simple'
 # parameters of the module
 min_length = 2
+min_lower = 0
 min_upper = 0
 min_digit = 0
+min_punct = 0
+# number of rules (among: min_lower, min_upper, min_digit, min_punct) to respect for a correct password
+min_point = 0
 # resources parameters
 [resources]