summaryrefslogtreecommitdiffstats
path: root/modules/password
diff options
context:
space:
mode:
authorMaxim Tkachenko <maxim.tkachenko@gmail.com>2019-10-14 22:24:26 +0700
committerzeripath <art27@cantab.net>2019-10-14 16:24:26 +0100
commitdb657192d0349f7b10a62515fbf085d3a48d88f9 (patch)
treed298b9b2c487af61dc399774e67dcb3440add9c2 /modules/password
parentf9aba9ba0f07b77cb46dde6eda3c3f5b8fa841fe (diff)
downloadgitea-db657192d0349f7b10a62515fbf085d3a48d88f9.tar.gz
gitea-db657192d0349f7b10a62515fbf085d3a48d88f9.zip
Password Complexity Checks (#6230)
Add password complexity checks. The default settings require a lowercase, uppercase, number and a special character within passwords. Co-Authored-By: T-M-A <maxim.tkachenko@gmail.com> Co-Authored-By: Lanre Adelowo <adelowomailbox@gmail.com> Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> Co-Authored-By: Lauris BH <lauris@nix.lv>
Diffstat (limited to 'modules/password')
-rw-r--r--modules/password/password.go73
1 files changed, 73 insertions, 0 deletions
diff --git a/modules/password/password.go b/modules/password/password.go
new file mode 100644
index 0000000000..54131b9641
--- /dev/null
+++ b/modules/password/password.go
@@ -0,0 +1,73 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package password
+
+import (
+ "crypto/rand"
+ "math/big"
+ "regexp"
+ "sync"
+
+ "code.gitea.io/gitea/modules/setting"
+)
+
+var matchComplexities = map[string]regexp.Regexp{}
+var matchComplexityOnce sync.Once
+var validChars string
+var validComplexities = map[string]string{
+ "lower": "abcdefghijklmnopqrstuvwxyz",
+ "upper": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+ "digit": "0123456789",
+ "spec": `][ !"#$%&'()*+,./:;<=>?@\^_{|}~` + "`-",
+}
+
+// NewComplexity for preparation
+func NewComplexity() {
+ matchComplexityOnce.Do(func() {
+ if len(setting.PasswordComplexity) > 0 {
+ for key, val := range setting.PasswordComplexity {
+ matchComplexity := regexp.MustCompile(val)
+ matchComplexities[key] = *matchComplexity
+ validChars += validComplexities[key]
+ }
+ } else {
+ for _, val := range validComplexities {
+ validChars += val
+ }
+ }
+ })
+}
+
+// IsComplexEnough return True if password is Complexity
+func IsComplexEnough(pwd string) bool {
+ if len(setting.PasswordComplexity) > 0 {
+ NewComplexity()
+ for _, val := range matchComplexities {
+ if !val.MatchString(pwd) {
+ return false
+ }
+ }
+ }
+ return true
+}
+
+// Generate a random password
+func Generate(n int) (string, error) {
+ NewComplexity()
+ buffer := make([]byte, n)
+ max := big.NewInt(int64(len(validChars)))
+ for {
+ for j := 0; j < n; j++ {
+ rnd, err := rand.Int(rand.Reader, max)
+ if err != nil {
+ return "", err
+ }
+ buffer[j] = validChars[rnd.Int64()]
+ }
+ if IsComplexEnough(string(buffer)) && string(buffer[0]) != " " && string(buffer[n-1]) != " " {
+ return string(buffer), nil
+ }
+ }
+}