Diffstat (limited to 'routers')
-rw-r--r-- | routers/admin/users.go | 10 | ||||
-rw-r--r-- | routers/api/v1/admin/user.go | 14 | ||||
-rw-r--r-- | routers/user/auth.go | 11 | ||||
-rw-r--r-- | routers/user/setting/account.go | 3 | ||||
-rw-r--r-- | routers/user/setting/account_test.go | 81 |
5 files changed, 92 insertions, 27 deletions
diff --git a/routers/admin/users.go b/routers/admin/users.go
index 660f116682..fdc4e0e371 100644
--- a/routers/admin/users.go
+++ b/routers/admin/users.go
@@ -12,6 +12,7 @@ import (
 "code.gitea.io/gitea/modules/base"
 "code.gitea.io/gitea/modules/context"
 "code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/password"
 "code.gitea.io/gitea/modules/setting"
 "code.gitea.io/gitea/routers"
 "code.gitea.io/gitea/services/mailer"
@@ -94,7 +95,10 @@ func NewUserPost(ctx *context.Context, form auth.AdminCreateUserForm) {
 u.LoginName = form.LoginName
 }
 }
-
+ if !password.IsComplexEnough(form.Password) {
+ ctx.RenderWithErr(ctx.Tr("form.password_complexity"), tplUserNew, &form)
+ return
+ }
 if err := models.CreateUser(u); err != nil {
 switch {
 case models.IsErrUserAlreadyExist(err):
@@ -201,6 +205,10 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
 ctx.ServerError("UpdateUser", err)
 return
 }
+ if !password.IsComplexEnough(form.Password) {
+ ctx.RenderWithErr(ctx.Tr("form.password_complexity"), tplUserEdit, &form)
+ return
+ }
 u.HashPassword(form.Password)
 }
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 70076b626b..f35ad297b0 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -6,9 +6,12 @@ package admin
 import (
+ "errors"
+
 "code.gitea.io/gitea/models"
 "code.gitea.io/gitea/modules/context"
 "code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/password"
 api "code.gitea.io/gitea/modules/structs"
 "code.gitea.io/gitea/routers/api/v1/convert"
 "code.gitea.io/gitea/routers/api/v1/user"
@@ -73,7 +76,11 @@ func CreateUser(ctx *context.APIContext, form api.CreateUserOption) {
 if ctx.Written() {
 return
 }
-
+ if !password.IsComplexEnough(form.Password) {
+ err := errors.New("PasswordComplexity")
+ ctx.Error(400, "PasswordComplexity", err)
+ return
+ }
 if err := models.CreateUser(u); err != nil {
 if models.IsErrUserAlreadyExist(err) ||
 models.IsErrEmailAlreadyUsed(err) ||
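Review bot: The new `IsComplexEnough` check in NewUserPost runs for every created account, and the `u.LoginName = form.LoginName` branch just above this hunk suggests the handler also creates users bound to an external login source, for whom the local password is never used; an admin creating such a user with an empty password field would now be rejected with `form.password_complexity`. If that branch is indeed the external-source case, gate the rule on local accounts, e.g. `if u.LoginType == models.LoginPlain && !password.IsComplexEnough(form.Password) {` (or whatever constant the form binds the local login type to), or add a comment explaining why the rule is meant to apply to all login types. NewUserPost begins outside the hunk.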
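Review bot: In EditUserPost the complexity check sits after the three context lines that look like the tail of the `models.GetUserSalt()` error handling, so a rejected password has already replaced `u.Salt` in memory before the handler returns, whereas the API EditUser hunk in this same commit validates before touching the salt. Moving the `if !password.IsComplexEnough(form.Password) { ... }` block above the salt regeneration keeps the two handlers consistent and avoids mutating `u` on the failure path. EditUserPost begins outside the hunk.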
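Review bot: `errors.New("PasswordComplexity")` gives API clients a body that merely repeats the handler's error name and says nothing about what was wrong with the password, and the same literal is built again in the EditUser hunk; define it once at package level, `var errPasswordComplexity = errors.New("password does not meet the configured complexity requirements")`, and pass that to `ctx.Error`. If the surrounding API code reports the other validation failures visible just below (duplicate user or email) with 422 rather than 400, this check should use the same status so clients can treat validation errors uniformly. As in the web handler, the check runs regardless of login type; if users bound to an external login source can be created through this endpoint, gate it on local accounts.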
@@ -131,6 +138,11 @@ func EditUser(ctx *context.APIContext, form api.EditUserOption) { } if len(form.Password) > 0 { + if !password.IsComplexEnough(form.Password) { + err := errors.New("PasswordComplexity") + ctx.Error(400, "PasswordComplexity", err) + return + } var err error if u.Salt, err = models.GetUserSalt(); err != nil { ctx.Error(500, "UpdateUser", err) diff --git a/routers/user/auth.go b/routers/user/auth.go index 212d535a06..82a508e4dc 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -17,6 +17,7 @@ import ( "code.gitea.io/gitea/modules/base" "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/password" "code.gitea.io/gitea/modules/recaptcha" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/timeutil" @@ -1334,6 +1335,11 @@ func ResetPasswdPost(ctx *context.Context) { ctx.Data["Err_Password"] = true ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplResetPassword, nil) return + } else if !password.IsComplexEnough(passwd) { + ctx.Data["IsResetForm"] = true + ctx.Data["Err_Password"] = true + ctx.RenderWithErr(ctx.Tr("form.password_complexity"), tplResetPassword, nil) + return } var err error @@ -1364,7 +1370,6 @@ func ResetPasswdPost(ctx *context.Context) { func MustChangePassword(ctx *context.Context) { ctx.Data["Title"] = ctx.Tr("auth.must_change_password") ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/settings/change_password" - ctx.HTML(200, tplMustChangePassword) } 
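Review bot: The line removed from MustChangePassword reads as `ctx.HTML(200, tplMustChangePassword)`; if that is what the `-` marks, the GET handler now fills `ctx.Data` and returns without writing a response, so the must-change-password page never renders. The collapsed rendering of this hunk makes it ambiguous whether the marker belongs to that call or to the blank line before it (the header says exactly one line was removed), so please confirm against the raw patch. If the render was dropped on purpose, a comment on the function saying where the template is now served would stop the next reader from re-adding it.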
@@ -1372,16 +1377,12 @@ func MustChangePassword(ctx *context.Context) { // account was created by an admin func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form auth.MustChangePasswordForm) { ctx.Data["Title"] = ctx.Tr("auth.must_change_password") - ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/settings/change_password" - if ctx.HasError() { ctx.HTML(200, tplMustChangePassword) return } - u := ctx.User - // Make sure only requests for users who are eligible to change their password via // this method passes through if !u.MustChangePassword { diff --git a/routers/user/setting/account.go b/routers/user/setting/account.go index 71d98fd3b9..c782224216 100644 --- a/routers/user/setting/account.go +++ b/routers/user/setting/account.go @@ -13,6 +13,7 @@ import ( "code.gitea.io/gitea/modules/base" "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/password" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/timeutil" "code.gitea.io/gitea/services/mailer" @@ -52,6 +53,8 @@ func AccountPost(ctx *context.Context, form auth.ChangePasswordForm) { ctx.Flash.Error(ctx.Tr("settings.password_incorrect")) } else if form.Password != form.Retype { ctx.Flash.Error(ctx.Tr("form.password_not_match")) + } else if !password.IsComplexEnough(form.Password) { + ctx.Flash.Error(ctx.Tr("settings.password_complexity")) } else { var err error if ctx.User.Salt, err = models.GetUserSalt(); err != nil { diff --git a/routers/user/setting/account_test.go b/routers/user/setting/account_test.go index 59fbda1569..497ee658b0 100644 --- a/routers/user/setting/account_test.go +++ b/routers/user/setting/account_test.go 
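Review bot: In MustChangePasswordPost the hunk appears to remove `u := ctx.User` while the context line `if !u.MustChangePassword {` still uses `u`, which would not compile; more likely the `-` markers belong to the blank lines around that assignment (the 16-old / 12-new counts fit either reading), but the collapsed rendering cannot settle it, so check the raw patch. Independently, dropping `ctx.Data["ChangePasscodeLink"]` from the POST handler means the template re-rendered on `ctx.HasError()` no longer receives that value; keep the assignment unless the template is known not to use it. MustChangePasswordPost continues past the hunk.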
@@ -19,36 +19,77 @@ import ( func TestChangePassword(t *testing.T) { oldPassword := "password" setting.MinPasswordLength = 6 + setting.PasswordComplexity = map[string]string{ + "lower": "[a-z]+", + "upper": "[A-Z]+", + "digit": "[0-9]+", + "spec": "[-_]+", + } + var pcLUN = map[string]string{ + "lower": "[a-z]+", + "upper": "[A-Z]+", + "digit": "[0-9]+", + } + var pcLU = map[string]string{ + "lower": "[a-z]+", + "upper": "[A-Z]+", + } for _, req := range []struct { - OldPassword string - NewPassword string - Retype string - Message string + OldPassword string + NewPassword string + Retype string + Message string + PasswordComplexity map[string]string }{ { - OldPassword: oldPassword, - NewPassword: "123456", - Retype: "123456", - Message: "", + OldPassword: oldPassword, + NewPassword: "Qwerty123456-", + Retype: "Qwerty123456-", + Message: "", + PasswordComplexity: setting.PasswordComplexity, + }, + { + OldPassword: oldPassword, + NewPassword: "12345", + Retype: "12345", + Message: "auth.password_too_short", + PasswordComplexity: setting.PasswordComplexity, + }, + { + OldPassword: "12334", + NewPassword: "123456", + Retype: "123456", + Message: "settings.password_incorrect", + PasswordComplexity: setting.PasswordComplexity, + }, + { + OldPassword: oldPassword, + NewPassword: "123456", + Retype: "12345", + Message: "form.password_not_match", + PasswordComplexity: setting.PasswordComplexity, }, { - OldPassword: oldPassword, - NewPassword: "12345", - Retype: "12345", - Message: "auth.password_too_short", + OldPassword: oldPassword, + NewPassword: "Qwerty", + Retype: "Qwerty", + Message: "settings.password_complexity", + PasswordComplexity: setting.PasswordComplexity, }, { - OldPassword: "12334", - NewPassword: "123456", - Retype: "123456", - Message: "settings.password_incorrect", + OldPassword: oldPassword, + NewPassword: "Qwerty", + Retype: "Qwerty", + Message: "settings.password_complexity", + PasswordComplexity: pcLUN, }, { - OldPassword: oldPassword, - NewPassword: 
"123456", - Retype: "12345", - Message: "form.password_not_match", + OldPassword: oldPassword, + NewPassword: "QWERTY", + Retype: "QWERTY", + Message: "settings.password_complexity", + PasswordComplexity: pcLU, }, } { models.PrepareTestEnv(t) |