author | John Olheiser <john.olheiser@gmail.com> | 2020-09-08 17:06:39 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-08 17:06:39 -0500 |
commit | c6e4bc53aad371210f0cb670e36c57132087b230 (patch) | |
tree | ef2eecef855a4257a22eb61aefd5439be23a770e /routers/user | |
parent | bea343ce0997262e61c5d83812a270090896afbf (diff) | |
Check passwords against HaveIBeenPwned (#12716)
* Implement pwn
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Update module
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Apply suggestions mrsdizzie
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Add link to HIBP
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Add more details to admin command
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Add context to pwn
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Consistency and making some noise ;)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: zeripath <art27@cantab.net>
Diffstat (limited to 'routers/user')
-rw-r--r-- | routers/user/auth.go | 22 | ||||
-rw-r--r-- | routers/user/setting/account.go | 7 |
2 files changed, 28 insertions, 1 deletions
diff --git a/routers/user/auth.go b/routers/user/auth.go
index 4e6ac9c87f..96a73c9dd4 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -1110,6 +1110,17 @@ func SignUpPost(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterFo
 ctx.RenderWithErr(password.BuildComplexityError(ctx), tplSignUp, &form)
 return
 }
+ pwned, err := password.IsPwned(ctx.Req.Context(), form.Password)
+ if pwned {
+ errMsg := ctx.Tr("auth.password_pwned")
+ if err != nil {
+ log.Error(err.Error())
+ errMsg = ctx.Tr("auth.password_pwned_err")
+ }
+ ctx.Data["Err_Password"] = true
+ ctx.RenderWithErr(errMsg, tplSignUp, &form)
+ return
+ }
 u := &models.User{
 Name: form.UserName,
@@ -1409,6 +1420,16 @@ func ResetPasswdPost(ctx *context.Context) {
 ctx.Data["Err_Password"] = true
 ctx.RenderWithErr(password.BuildComplexityError(ctx), tplResetPassword, nil)
 return
+ } else if pwned, err := password.IsPwned(ctx.Req.Context(), passwd); pwned || err != nil {
+ errMsg := ctx.Tr("auth.password_pwned")
+ if err != nil {
+ log.Error(err.Error())
+ errMsg = ctx.Tr("auth.password_pwned_err")
+ }
+ ctx.Data["IsResetForm"] = true
+ ctx.Data["Err_Password"] = true
+ ctx.RenderWithErr(errMsg, tplResetPassword, nil)
+ return
 }
 // Handle two-factor
@@ -1443,7 +1464,6 @@ func ResetPasswdPost(ctx *context.Context) {
 }
 }
 }
- var err error
 if u.Rands, err = models.GetUserSalt(); err != nil {
 ctx.ServerError("UpdateUser", err)
diff --git a/routers/user/setting/account.go b/routers/user/setting/account.go
index 27f0bf1c86..99e20177bc 100644
--- a/routers/user/setting/account.go
+++ b/routers/user/setting/account.go
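Review bot: The sign-up check at `+ if pwned {` guards only on the boolean, while the reset and account-settings call sites in this same commit guard on `pwned || err != nil`, so here a failed HaveIBeenPwned lookup blocks registration only if `IsPwned` happens to report `true` together with its error — a contract this hunk does not show. Whichever way a lookup failure is meant to be handled, the three call sites should agree; aligning this one is `if pwned || err != nil {`. As written, the `auth.password_pwned_err` branch is unreachable here if `IsPwned` returns `false, err`. SignUpPost starts and ends outside the hunk.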
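Review bot: The `pwned || err != nil` condition fails closed: any error from the HaveIBeenPwned lookup (network, timeout, rate limit) ends the reset with `auth.password_pwned_err`, and since ResetPasswdPost is the recovery path for users who cannot sign in, an upstream outage makes that path unusable until the service recovers. That is a defensible choice, but it should be stated where the next maintainer will look, e.g. above the `else if`: `// Fail closed: a lookup error rejects the reset as well, so an HIBP outage blocks password resets until it recovers.` Note also that the `err` declared in this `else if` initializer is scoped to the if/else chain, so the `var err error` removed in the following hunk must be covered by a function-scope declaration somewhere between the hunks, which is not visible here. ResetPasswdPost starts and ends outside the hunk.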
@@ -54,6 +54,13 @@ func AccountPost(ctx *context.Context, form auth.ChangePasswordForm) {
 ctx.Flash.Error(ctx.Tr("form.password_not_match"))
 } else if !password.IsComplexEnough(form.Password) {
 ctx.Flash.Error(password.BuildComplexityError(ctx))
+ } else if pwned, err := password.IsPwned(ctx.Req.Context(), form.Password); pwned || err != nil {
+ errMsg := ctx.Tr("auth.password_pwned")
+ if err != nil {
+ log.Error(err.Error())
+ errMsg = ctx.Tr("auth.password_pwned_err")
+ }
+ ctx.Flash.Error(errMsg)
 } else {
 var err error
 if ctx.User.Salt, err = models.GetUserSalt(); err != nil { |
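Review bot: `log.Error(err.Error())` passes the error text as the format string, so any `%` in an upstream error message is misinterpreted and the log line carries no hint of which call site failed; `log.Error("IsPwned: %v", err)` avoids both. This is the third copy of the same message-selection block (the two in routers/user/auth.go differ only in how the response is rendered), so a helper beside `password.BuildComplexityError` would keep the fail-closed messaging in one place, with this call site becoming `ctx.Flash.Error(password.BuildPwnedError(ctx, err))`; a sketch follows. Whether the logged error can ever include the candidate password is not visible here and is worth confirming before it is logged at all. AccountPost starts and ends outside the hunk.
```go
// BuildPwnedError returns the user-facing message for a failed pwned-password
// check. A lookup error is logged and reported separately from a real match so
// that an outage is not mistaken for a compromised password.
func BuildPwnedError(ctx *context.Context, err error) string {
	if err != nil {
		log.Error("IsPwned: %v", err)
		return ctx.Tr("auth.password_pwned_err")
	}
	return ctx.Tr("auth.password_pwned")
}
```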