Bugfies password validation from testrun
parent
04326af2da
commit
4ef8c35fb7
@ -1848,8 +1848,8 @@ def _handle_new_user(to_save, content, languages, translations, kobo_support):
|
||||
content.sidebar_view |= constants.DETAIL_RANDOM
|
||||
|
||||
content.role = constants.selected_roles(to_save)
|
||||
content.password = generate_password_hash(to_save["password"])
|
||||
try:
|
||||
content.password = generate_password_hash(helper.valid_password(to_save["password"]))
|
||||
if not to_save["name"] or not to_save["email"] or not to_save["password"]:
|
||||
log.info("Missing entries on new user")
|
||||
raise Exception(_(u"Please fill out all fields!"))
|
||||
@ -1936,8 +1936,8 @@ def _handle_edit_user(to_save, content, languages, translations, kobo_support):
|
||||
log.warning("No admin user remaining, can't remove admin role from {}".format(content.name))
|
||||
flash(_("No admin user remaining, can't remove admin role"), category="error")
|
||||
return redirect(url_for('admin.admin'))
|
||||
if to_save.get("password"):
|
||||
content.password = generate_password_hash(to_save["password"])
|
||||
if 'password' in to_save:
|
||||
content.password = generate_password_hash(helper.valid_password(to_save('password')))
|
||||
anonymous = content.is_anonymous
|
||||
content.role = constants.selected_roles(to_save)
|
||||
if anonymous:
|
||||
|
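Review bot: In `_handle_edit_user` the line that appears to be the new side calls the form mapping instead of indexing it: `to_save('password')`. `to_save` is used as a mapping everywhere else in these hunks (`to_save["password"]`, `to_save.get("password")`), so if it is a dict this raises `TypeError` whenever the key is present and an admin-initiated password change can never complete. The line should read `content.password = generate_password_hash(helper.valid_password(to_save["password"]))`. The same call form appears in `change_profile` in cps/web.py (`valid_password(to_save('password'))`). Both functions start and end outside their hunks, so how the resulting exception is handled is not visible here.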
@ -661,6 +661,23 @@ def valid_email(email):
|
||||
raise Exception(_(u"Invalid e-mail address format"))
|
||||
return email
|
||||
|
||||
def valid_password(check_password):
|
||||
if config.config_password_policy:
|
||||
verify = ""
|
||||
if config.config_password_min_length > 0:
|
||||
verify += "^(?=\S{" + str(config.config_password_min_length) + ",}$)"
|
||||
if config.config_password_number:
|
||||
verify += "(?=.*?\d)"
|
||||
if config.config_password_lower:
|
||||
verify += "(?=.*?[a-z])"
|
||||
if config.config_password_upper:
|
||||
verify += "(?=.*?[A-Z])"
|
||||
if config.config_password_special:
|
||||
verify += "(?=.*?[^A-Za-z\s0-9])"
|
||||
match = re.match(verify, check_password)
|
||||
if not match:
|
||||
raise Exception(_("Password doesn't comply with password validation rules"))
|
||||
return check_password
|
||||
# ################################# External interface #################################
|
||||
|
||||
|
||||
|
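Review bot: The pattern fragments in `valid_password` are ordinary string literals containing `\S`, `\d` and `\s`, which are invalid string escapes that Python tolerates only with a warning; they should be raw strings, e.g. `verify += r"(?=.*?\d)"` and `verify += r"(?=.*?[^A-Za-z\s0-9])"`. The function also has no docstring, and one rule is easy to miss: whitespace is rejected only when `config_password_min_length > 0`, because the `\S{n,}$` lookahead is the only fragment that restricts which characters are allowed. I would add a docstring saying that it returns the password unchanged when it passes (or when `config_password_policy` is off), raises `Exception` with the translated message otherwise, and noting that coupling. `re` has to be imported in this module now that the check lives here; the import block is outside the hunk.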
@ -28,7 +28,8 @@ $(document).ready(function() {
|
||||
// Initialized and ready to go
|
||||
var options = {};
|
||||
options.common = {
|
||||
minChar: $('#password').data("min")
|
||||
minChar: $('#password').data("min"),
|
||||
maxChar: -1
|
||||
}
|
||||
options.ui = {
|
||||
bootstrap3: true,
|
||||
|
@ -389,7 +389,7 @@
|
||||
<label for="config_password_lower">{{_('Enforce lowercase characters')}}</label>
|
||||
</div>
|
||||
<div class="form-group" style="margin-left:10px;">
|
||||
<input type="checkbox" id="config_password_lower" name="config_password_upper" {% if config.config_password_upper %}checked{% endif %}>
|
||||
<input type="checkbox" id="config_password_upper" name="config_password_upper" {% if config.config_password_upper %}checked{% endif %}>
|
||||
<label for="config_password_upper">{{_('Enforce uppercase characters')}}</label>
|
||||
</div>
|
||||
<div class="form-group" style="margin-left:10px;">
|
||||
|
22
cps/web.py
22
cps/web.py
@ -23,7 +23,6 @@ import json
|
||||
import mimetypes
|
||||
import chardet # dependency of requests
|
||||
import copy
|
||||
import re
|
||||
|
||||
from flask import Blueprint, jsonify
|
||||
from flask import request, redirect, send_from_directory, make_response, flash, abort, url_for
|
||||
@ -47,7 +46,7 @@ from .gdriveutils import getFileFromEbooksFolder, do_gdrive_download
|
||||
from .helper import check_valid_domain, check_email, check_username, \
|
||||
get_book_cover, get_series_cover_thumbnail, get_download_link, send_mail, generate_random_password, \
|
||||
send_registration_mail, check_send_to_ereader, check_read_formats, tags_filters, reset_password, valid_email, \
|
||||
edit_book_read_status
|
||||
edit_book_read_status, valid_password
|
||||
from .pagination import Pagination
|
||||
from .redirect import redirect_back
|
||||
from .babel import get_available_locale
|
||||
@ -1359,23 +1358,8 @@ def change_profile(kobo_support, local_oauth_check, oauth_status, translations,
|
||||
current_user.random_books = 0
|
||||
try:
|
||||
if current_user.role_passwd() or current_user.role_admin():
|
||||
if to_save.get("password"):
|
||||
if config.config_password_policy:
|
||||
verify = ""
|
||||
if config.config_password_min_length > 0:
|
||||
verify += "^(?=\S{" + str(config.config_password_min_length) + ",}$)"
|
||||
if config.config_password_number:
|
||||
verify += "(?=.*?\d)"
|
||||
if config.config_password_lower:
|
||||
verify += "(?=.*?[a-z])"
|
||||
if config.config_password_upper:
|
||||
verify += "(?=.*?[A-Z])"
|
||||
if config.config_password_special:
|
||||
verify += "(?=.*?[^A-Za-z\s0-9])"
|
||||
match = re.match(verify, to_save.get("password"))
|
||||
if not match:
|
||||
raise Exception(_("Password doesn't comply with password validation rules"))
|
||||
current_user.password = generate_password_hash(to_save.get("password"))
|
||||
if 'password' in to_save:
|
||||
current_user.password = generate_password_hash(valid_password(to_save('password')))
|
||||
if to_save.get("kindle_mail", current_user.kindle_mail) != current_user.kindle_mail:
|
||||
current_user.kindle_mail = valid_email(to_save.get("kindle_mail"))
|
||||
if to_save.get("email", current_user.email) != current_user.email:
|
||||
|
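Review bot: The guard in `change_profile` goes from `if to_save.get("password"):` to `if 'password' in to_save:`, which is also true for a field that was submitted empty. `valid_password` in the helper hunk returns its argument unchanged when `config.config_password_policy` is off, so a profile form posted with a blank password field would store the hash of an empty string and silently replace the user's password. Keeping the truthiness test avoids that: `if to_save.get("password"):` followed by `current_user.password = generate_password_hash(valid_password(to_save["password"]))`. `_handle_edit_user` in the admin hunk has the same guard change. This assumes the form always submits the password field; the template that renders it is not part of this page.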