author | guillep2k <18600385+guillep2k@users.noreply.github.com> | 2019-10-16 00:09:58 -0300 |
---|---|---|
committer | Lunny Xiao <xiaolunwen@gmail.com> | 2019-10-16 11:09:58 +0800 |
commit | 31655aabfc397db203d39b468cad1ecbdc1879db (patch) | |
tree | 07bb7133bb4ff74a96abf4c3ab1587e27fdf1298 /modules/password/password.go | |
parent | 66e99d722a71d12b81264bc3577b85febe40e49e (diff) | |
Fix password complexity regex for special characters (on master) (#8525)
* Fix extra space
* Fix regular expression
* Fix error template name
* Simplify check code, fix default values, add test
* Fix router tests
* Fix fmt
* Fix setting and lint
* Move cleaning up code to test, improve comments
* Tidy up variable declaration
Diffstat (limited to 'modules/password/password.go')
-rw-r--r-- | modules/password/password.go | 63 |
1 files changed, 39 insertions, 24 deletions
diff --git a/modules/password/password.go b/modules/password/password.go
index 54131b9641..92986977ec 100644
--- a/modules/password/password.go
+++ b/modules/password/password.go
@@ -7,45 +7,60 @@ package password
 import (
 "crypto/rand"
 "math/big"
- "regexp"
+ "strings"
 "sync"

 "code.gitea.io/gitea/modules/setting"
 )

-var matchComplexities = map[string]regexp.Regexp{}
-var matchComplexityOnce sync.Once
-var validChars string
-var validComplexities = map[string]string{
- "lower": "abcdefghijklmnopqrstuvwxyz",
- "upper": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
- "digit": "0123456789",
- "spec": `][ !"#$%&'()*+,./:;<=>?@\^_{|}~` + "`-",
-}
+var (
+ matchComplexityOnce sync.Once
+ validChars string
+ requiredChars []string
+
+ charComplexities = map[string]string{
+ "lower": `abcdefghijklmnopqrstuvwxyz`,
+ "upper": `ABCDEFGHIJKLMNOPQRSTUVWXYZ`,
+ "digit": `0123456789`,
+ "spec": ` !"#$%&'()*+,-./:;<=>?@[\]^_{|}~` + "`",
+ }
+)

 // NewComplexity for preparation
 func NewComplexity() {
 matchComplexityOnce.Do(func() {
- if len(setting.PasswordComplexity) > 0 {
- for key, val := range setting.PasswordComplexity {
- matchComplexity := regexp.MustCompile(val)
- matchComplexities[key] = *matchComplexity
- validChars += validComplexities[key]
+ setupComplexity(setting.PasswordComplexity)
+ })
+}
+
+func setupComplexity(values []string) {
+ if len(values) != 1 || values[0] != "off" {
+ for _, val := range values {
+ if chars, ok := charComplexities[val]; ok {
+ validChars += chars
+ requiredChars = append(requiredChars, chars)
 }
- } else {
- for _, val := range validComplexities {
- validChars += val
+ }
+ if len(requiredChars) == 0 {
+ // No valid character classes found; use all classes as default
+ for _, chars := range charComplexities {
+ validChars += chars
+ requiredChars = append(requiredChars, chars)
 }
 }
- })
+ }
+ if validChars == "" {
+ // No complexities to check; provide a sensible default for password generation
+ validChars = charComplexities["lower"] + charComplexities["upper"] + charComplexities["digit"]
+ }
 }

-// IsComplexEnough return True if password is Complexity
+// IsComplexEnough return True if password meets complexity settings
 func IsComplexEnough(pwd string) bool {
- if len(setting.PasswordComplexity) > 0 {
- NewComplexity()
- for _, val := range matchComplexities {
- if !val.MatchString(pwd) {
+ NewComplexity()
+ if len(validChars) > 0 {
+ for _, req := range requiredChars {
+ if !strings.ContainsAny(req, pwd) {
 return false
 }
 }
|
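Review bot: An unrecognised entry in the complexity list is dropped without any signal in setupComplexity: the `if chars, ok := charComplexities[val]; ok {` lookup has no else branch, so a misspelled class name next to valid ones leaves the policy weaker than the administrator configured, and nothing records it. The all-classes fallback only fires when no entry matches, so a partly wrong list is the case that passes silently. I would report the rejected value at setup, for example `} else { log.Warn("unknown password complexity class %q ignored", val) }` with the project's logger (not imported in this hunk), or fail start-up on it. Whether the settings loader already normalises case and whitespace before this point is not visible here, so an entry such as `Lower` may fall into the same path.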