authorMaxim Tkachenko <maxim.tkachenko@gmail.com>2019-10-14 22:24:26 +0700
committerzeripath <art27@cantab.net>2019-10-14 16:24:26 +0100
commitdb657192d0349f7b10a62515fbf085d3a48d88f9 (patch)
treed298b9b2c487af61dc399774e67dcb3440add9c2 /routers/user/setting
parentf9aba9ba0f07b77cb46dde6eda3c3f5b8fa841fe (diff)
Password Complexity Checks (#6230)
Add password complexity checks. The default settings require a lowercase, uppercase, number and a special character within passwords. Co-Authored-By: T-M-A <maxim.tkachenko@gmail.com> Co-Authored-By: Lanre Adelowo <adelowomailbox@gmail.com> Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> Co-Authored-By: Lauris BH <lauris@nix.lv>
Diffstat (limited to 'routers/user/setting')
-rw-r--r--routers/user/setting/account.go3
-rw-r--r--routers/user/setting/account_test.go81
2 files changed, 64 insertions, 20 deletions
diff --git a/routers/user/setting/account.go b/routers/user/setting/account.go
index 71d98fd3b9..c782224216 100644
--- a/routers/user/setting/account.go
+++ b/routers/user/setting/account.go
@@ -13,6 +13,7 @@ import (
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/password"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/services/mailer"
@@ -52,6 +53,8 @@ func AccountPost(ctx *context.Context, form auth.ChangePasswordForm) {
ctx.Flash.Error(ctx.Tr("settings.password_incorrect"))
} else if form.Password != form.Retype {
ctx.Flash.Error(ctx.Tr("form.password_not_match"))
+ } else if !password.IsComplexEnough(form.Password) {
+ ctx.Flash.Error(ctx.Tr("settings.password_complexity"))
} else {
var err error
if ctx.User.Salt, err = models.GetUserSalt(); err != nil {
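Review bot: The complexity rule is added as one more branch of AccountPost's else-if chain, so it guards only this handler. Any other code path that sets a password has to repeat the `password.IsComplexEnough(form.Password)` call or it will accept passwords the policy is meant to reject; this page is limited to routers/user/setting, so whether those paths are covered cannot be confirmed from here. Consider enforcing the check in the shared layer that sets the password, so a new entry point cannot skip it. Composition rules also accept predictable strings such as the `Qwerty123456-` used in the test, so they complement rather than replace the length floor and a common-password check. AccountPost starts before and continues after this hunk.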
diff --git a/routers/user/setting/account_test.go b/routers/user/setting/account_test.go
index 59fbda1569..497ee658b0 100644
--- a/routers/user/setting/account_test.go
+++ b/routers/user/setting/account_test.go
@@ -19,36 +19,77 @@ import (
func TestChangePassword(t *testing.T) {
oldPassword := "password"
setting.MinPasswordLength = 6
+ setting.PasswordComplexity = map[string]string{
+ "lower": "[a-z]+",
+ "upper": "[A-Z]+",
+ "digit": "[0-9]+",
+ "spec": "[-_]+",
+ }
+ var pcLUN = map[string]string{
+ "lower": "[a-z]+",
+ "upper": "[A-Z]+",
+ "digit": "[0-9]+",
+ }
+ var pcLU = map[string]string{
+ "lower": "[a-z]+",
+ "upper": "[A-Z]+",
+ }
for _, req := range []struct {
- OldPassword string
- NewPassword string
- Retype string
- Message string
+ OldPassword string
+ NewPassword string
+ Retype string
+ Message string
+ PasswordComplexity map[string]string
}{
{
- OldPassword: oldPassword,
- NewPassword: "123456",
- Retype: "123456",
- Message: "",
+ OldPassword: oldPassword,
+ NewPassword: "Qwerty123456-",
+ Retype: "Qwerty123456-",
+ Message: "",
+ PasswordComplexity: setting.PasswordComplexity,
+ },
+ {
+ OldPassword: oldPassword,
+ NewPassword: "12345",
+ Retype: "12345",
+ Message: "auth.password_too_short",
+ PasswordComplexity: setting.PasswordComplexity,
+ },
+ {
+ OldPassword: "12334",
+ NewPassword: "123456",
+ Retype: "123456",
+ Message: "settings.password_incorrect",
+ PasswordComplexity: setting.PasswordComplexity,
+ },
+ {
+ OldPassword: oldPassword,
+ NewPassword: "123456",
+ Retype: "12345",
+ Message: "form.password_not_match",
+ PasswordComplexity: setting.PasswordComplexity,
},
{
- OldPassword: oldPassword,
- NewPassword: "12345",
- Retype: "12345",
- Message: "auth.password_too_short",
+ OldPassword: oldPassword,
+ NewPassword: "Qwerty",
+ Retype: "Qwerty",
+ Message: "settings.password_complexity",
+ PasswordComplexity: setting.PasswordComplexity,
},
{
- OldPassword: "12334",
- NewPassword: "123456",
- Retype: "123456",
- Message: "settings.password_incorrect",
+ OldPassword: oldPassword,
+ NewPassword: "Qwerty",
+ Retype: "Qwerty",
+ Message: "settings.password_complexity",
+ PasswordComplexity: pcLUN,
},
{
- OldPassword: oldPassword,
- NewPassword: "123456",
- Retype: "12345",
- Message: "form.password_not_match",
+ OldPassword: oldPassword,
+ NewPassword: "QWERTY",
+ Retype: "QWERTY",
+ Message: "settings.password_complexity",
+ PasswordComplexity: pcLU,
},
} {
models.PrepareTestEnv(t)
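Review bot: The new `PasswordComplexity` field is filled in for every table entry, but no added line in the loop body reads it; all 61 insertions that the diffstat attributes to this file are in the table above the loop. The `pcLUN` and `pcLU` cases therefore run against the four-class `setting.PasswordComplexity` assigned at the top of the test, and they pass only because `Qwerty` and `QWERTY` fail that policy too. Add `setting.PasswordComplexity = req.PasswordComplexity` at the start of the loop body, and confirm that the password module re-reads the setting rather than caching it, which is not visible here. A positive case per reduced policy would have exposed the gap, for example a password with only lower, upper and digit characters that is accepted under `pcLUN`. The loop body continues outside this hunk.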