共有 2 个文件被更改,包括 64 次插入 和 1 次删除
合并视图
Diff 选项
-
+6 -1src/app/views/register.py
-
+58 -0src/app/views/utils.py
+ 6
- 1
src/app/views/register.py
查看文件
| @@ -1,6 +1,6 @@ | |||||
| import web | import web | ||||
| from views.forms import register_form | from views.forms import register_form | ||||
| from views.utils import get_nav_bar, csrf_protected | |||||
| from views.utils import get_nav_bar, csrf_protected, password_weakness | |||||
| import models.register | import models.register | ||||
| import models.user | import models.user | ||||
| import bcrypt | import bcrypt | ||||
| @@ -41,6 +41,11 @@ class Register: | |||||
| if models.user.get_user_id_by_name(data.username): | if models.user.get_user_id_by_name(data.username): | ||||
| return render.register(nav, register, "Invalid user, already exists.") | return render.register(nav, register, "Invalid user, already exists.") | ||||
| # Check password security | |||||
| weakness = password_weakness(data.password, data.username) | |||||
| if weakness is not None: | |||||
| return render.register(nav, register, weakness) | |||||
| password_hash = bcrypt.hashpw(data.password.encode('UTF-8'), bcrypt.gensalt()) | password_hash = bcrypt.hashpw(data.password.encode('UTF-8'), bcrypt.gensalt()) | ||||
| models.register.set_user(data.username, password_hash, data.full_name, data.company, | models.register.set_user(data.username, password_hash, data.full_name, data.company, | ||||
+ 58
- 0
src/app/views/utils.py
查看文件
| @@ -78,3 +78,61 @@ def csrf_protected(f): | |||||
| return f(*args, **kwargs) | return f(*args, **kwargs) | ||||
| return decorated | return decorated | ||||
| def is_common_password(password): | |||||
| """Helper function that checks various common passwords.""" | |||||
| def common_sequences(n): | |||||
| # Check sequences of the same number | |||||
| for i in range(n): | |||||
| for j in range(n): | |||||
| yield ''.join([str(i) for _ in range(j)]) | |||||
| # Check incrementing sequences | |||||
| for i in range(n): | |||||
| # Starting at 0 | |||||
| seq = ''.join([str(j) for j in range(i)]) | |||||
| yield seq | |||||
| # Starting at 1 | |||||
| yield seq[1:] | |||||
| # Decrementing | |||||
| # Starting at 0 | |||||
| yield seq[::-1] | |||||
| # Starting at 1 | |||||
| yield seq[1::-1] | |||||
| common_passwords = [ | |||||
| 'password', 'qwerty', 'iloveyou', '123123', 'abc123', 'admin', | |||||
| 'passwrod', 'password1', 'beelance', 'beelance2' | |||||
| ] | |||||
| if password in common_passwords or password in common_sequences(12): | |||||
| return True | |||||
| return False | |||||
| def password_weakness(password, username): | |||||
| """ | |||||
| Check if the password fulfills the password policy. | |||||
| The policy is: | |||||
| - At least 8 characters, but not more than 70 (due to bcrypt) | |||||
| - Does not overlap with the username | |||||
| - Not a common password | |||||
| :param password: The password to check | |||||
| :param username: The username of the user (used to check similarity) | |||||
| :return: The most important weakness of the password, or None if it fulfills the policy | |||||
| """ | |||||
| if len(password) < 8: | |||||
| return "The password must be at least 5 characters long." | |||||
| elif len(password) > 70: | |||||
| return "The password can't be longer than 70 characters." | |||||
| elif password in username or username in password: | |||||
| return "The password can't overlap with your username." | |||||
| elif is_common_password(password): | |||||
| return "The password is too common. Choose something more unique." | |||||
| return None | |||||