summaryrefslogtreecommitdiffstats
path: root/modules/password/password.go
blob: 92986977ec6dd49ab8b8d6cf6095592181efef99 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package password

import (
	"crypto/rand"
	"math/big"
	"strings"
	"sync"

	"code.gitea.io/gitea/modules/setting"
)

var (
	matchComplexityOnce sync.Once
	validChars          string
	requiredChars       []string

	charComplexities = map[string]string{
		"lower": `abcdefghijklmnopqrstuvwxyz`,
		"upper": `ABCDEFGHIJKLMNOPQRSTUVWXYZ`,
		"digit": `0123456789`,
		"spec":  ` !"#$%&'()*+,-./:;<=>?@[\]^_{|}~` + "`",
	}
)

// NewComplexity for preparation
func NewComplexity() {
	matchComplexityOnce.Do(func() {
		setupComplexity(setting.PasswordComplexity)
	})
}

func setupComplexity(values []string) {
	if len(values) != 1 || values[0] != "off" {
		for _, val := range values {
			if chars, ok := charComplexities[val]; ok {
				validChars += chars
				requiredChars = append(requiredChars, chars)
			}
		}
		if len(requiredChars) == 0 {
			// No valid character classes found; use all classes as default
			for _, chars := range charComplexities {
				validChars += chars
				requiredChars = append(requiredChars, chars)
			}
		}
	}
	if validChars == "" {
		// No complexities to check; provide a sensible default for password generation
		validChars = charComplexities["lower"] + charComplexities["upper"] + charComplexities["digit"]
	}
}

// IsComplexEnough return True if password meets complexity settings
func IsComplexEnough(pwd string) bool {
	NewComplexity()
	if len(validChars) > 0 {
		for _, req := range requiredChars {
			if !strings.ContainsAny(req, pwd) {
				return false
			}
		}
	}
	return true
}

// Generate  a random password
func Generate(n int) (string, error) {
	NewComplexity()
	buffer := make([]byte, n)
	max := big.NewInt(int64(len(validChars)))
	for {
		for j := 0; j < n; j++ {
			rnd, err := rand.Int(rand.Reader, max)
			if err != nil {
				return "", err
			}
			buffer[j] = validChars[rnd.Int64()]
		}
		if IsComplexEnough(string(buffer)) && string(buffer[0]) != " " && string(buffer[n-1]) != " " {
			return string(buffer), nil
		}
	}
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-21 04:38:48 +0000