Add password constraint check in Go + update JS ones
parent
3f96397a19
commit
01100610fb
|
@ -0,0 +1,47 @@
|
|||
// Copyright or © or Copr. happyDNS (2020)
|
||||
//
|
||||
// contact@happydns.org
|
||||
//
|
||||
// This software is a computer program whose purpose is to provide a modern
|
||||
// interface to interact with DNS systems.
|
||||
//
|
||||
// This software is governed by the CeCILL license under French law and abiding
|
||||
// by the rules of distribution of free software. You can use, modify and/or
|
||||
// redistribute the software under the terms of the CeCILL license as
|
||||
// circulated by CEA, CNRS and INRIA at the following URL
|
||||
// "http://www.cecill.info".
|
||||
//
|
||||
// As a counterpart to the access to the source code and rights to copy, modify
|
||||
// and redistribute granted by the license, users are provided only with a
|
||||
// limited warranty and the software's author, the holder of the economic
|
||||
// rights, and the successive licensors have only limited liability.
|
||||
//
|
||||
// In this respect, the user's attention is drawn to the risks associated with
|
||||
// loading, using, modifying and/or developing or reproducing the software by
|
||||
// the user in light of its specific status of free software, that may mean
|
||||
// that it is complicated to manipulate, and that also therefore means that it
|
||||
// is reserved for developers and experienced professionals having in-depth
|
||||
// computer knowledge. Users are therefore encouraged to load and test the
|
||||
// software's suitability as regards their requirements in conditions enabling
|
||||
// the security of their systems and/or data to be ensured and, more generally,
|
||||
// to use and operate it in the same conditions as regards security.
|
||||
//
|
||||
// The fact that you are presently reading this means that you have had
|
||||
// knowledge of the CeCILL license and that you accept its terms.
|
||||
|
||||
export default {
|
||||
computed: {
|
||||
passwordState () {
|
||||
if (this.signupForm.password.length === 0) {
|
||||
return null
|
||||
}
|
||||
return this.signupForm.password.length >= 8 && /[A-Z]/.test(this.signupForm.password) && /[a-z]/.test(this.signupForm.password) && /[0-9]/.test(this.signupForm.password) && (/\W/.test(this.signupForm.password) || this.signupForm.password.length >= 11)
|
||||
},
|
||||
passwordConfirmState () {
|
||||
if (this.signupForm.passwordConfirm.length === 0) {
|
||||
return null
|
||||
}
|
||||
return this.signupForm.password === this.signupForm.passwordConfirm
|
||||
}
|
||||
}
|
||||
}
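Review bot: The symbol test in `passwordState` uses `/\W/`, which does not match `_`, while the Go `CheckPasswordConstraints` added in this same commit uses `[^a-zA-Z0-9]`, which does. A password of 8 to 10 characters whose only symbol is an underscore is therefore shown as invalid in the form although the server check would accept it. Using `/[^a-zA-Z0-9]/.test(this.signupForm.password)` here keeps the two checks aligned. The mixin also reads `this.signupForm.password` and `this.signupForm.passwordConfirm` without declaring them, so a comment above `export default` would help, for example `// Host component must define data.signupForm.{password, passwordConfirm}; this is a form hint only, the server-side check is what enforces the policy.`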
|
|
@ -78,7 +78,7 @@
|
|||
<b-form-input
|
||||
id="password-input"
|
||||
ref="recoverpassword"
|
||||
v-model="password"
|
||||
v-model="signupForm.password"
|
||||
type="password"
|
||||
:state="passwordState"
|
||||
required
|
||||
|
@ -93,7 +93,7 @@
|
|||
<b-form-input
|
||||
id="passwordconfirm-input"
|
||||
ref="recoverpasswordconfirm"
|
||||
v-model="passwordConfirm"
|
||||
v-model="signupForm.passwordConfirm"
|
||||
type="password"
|
||||
:state="passwordConfirmState"
|
||||
required
|
||||
|
@ -112,16 +112,21 @@
|
|||
|
||||
<script>
|
||||
import axios from 'axios'
|
||||
import PasswordChecks from '@/mixins/passwordChecks'
|
||||
|
||||
export default {
|
||||
|
||||
mixins: [PasswordChecks],
|
||||
|
||||
data: function () {
|
||||
return {
|
||||
email: '',
|
||||
emailState: null,
|
||||
error: null,
|
||||
password: '',
|
||||
passwordConfirm: '',
|
||||
signupForm: {
|
||||
password: '',
|
||||
passwordConfirm: ''
|
||||
},
|
||||
user: null
|
||||
}
|
||||
},
|
||||
|
@ -129,19 +134,6 @@ export default {
|
|||
computed: {
|
||||
isLoading () {
|
||||
return this.error === null || this.user === null
|
||||
},
|
||||
passwordState () {
|
||||
if (this.password.length === 0) {
|
||||
return null
|
||||
}
|
||||
return this.password.length > 15 || (
|
||||
/[A-Z]/.test(this.password) && /[a-z]/.test(this.password) && /[0-9]/.test(this.password) && (/\W/.test(this.password) || this.password.length >= 8))
|
||||
},
|
||||
passwordConfirmState () {
|
||||
if (this.passwordConfirm.length === 0) {
|
||||
return null
|
||||
}
|
||||
return this.password === this.passwordConfirm
|
||||
}
|
||||
},
|
||||
|
||||
|
@ -210,7 +202,7 @@ export default {
|
|||
axios
|
||||
.post('/api/users/' + encodeURIComponent(this.user) + '/recovery', {
|
||||
key: this.$route.query.k,
|
||||
password: this.password
|
||||
password: this.signupForm.password
|
||||
})
|
||||
.then(
|
||||
(response) => {
|
||||
|
|
|
@ -127,9 +127,12 @@
|
|||
|
||||
<script>
|
||||
import axios from 'axios'
|
||||
import PasswordChecks from '@/mixins/passwordChecks'
|
||||
|
||||
export default {
|
||||
|
||||
mixins: [PasswordChecks],
|
||||
|
||||
data: function () {
|
||||
return {
|
||||
signupForm: {
|
||||
|
@ -146,19 +149,6 @@ export default {
|
|||
return null
|
||||
}
|
||||
return /.+@.+\..+/i.test(this.signupForm.email)
|
||||
},
|
||||
passwordState () {
|
||||
if (this.signupForm.password.length === 0) {
|
||||
return null
|
||||
}
|
||||
return this.signupForm.password.length > 15 || (
|
||||
/[A-Z]/.test(this.signupForm.password) && /[a-z]/.test(this.signupForm.password) && /[0-9]/.test(this.signupForm.password) && (/\W/.test(this.signupForm.password) || this.signupForm.password.length >= 8))
|
||||
},
|
||||
passwordConfirmState () {
|
||||
if (this.signupForm.passwordConfirm.length === 0) {
|
||||
return null
|
||||
}
|
||||
return this.signupForm.password === this.signupForm.passwordConfirm
|
||||
}
|
||||
},
|
||||
|
||||
|
|
|
@ -37,6 +37,7 @@ import (
|
|||
"crypto/sha512"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"regexp"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
|
@ -67,7 +68,29 @@ func NewUser(email string, password string) (u *User, err error) {
|
|||
return
|
||||
}
|
||||
|
||||
func (u *User) CheckPasswordConstraints(password string) (err error) {
|
||||
if len(password) < 8 {
|
||||
return fmt.Errorf("Password has to be at least 8 characters long.")
|
||||
}
|
||||
|
||||
if !regexp.MustCompile(`[a-z]`).MatchString(password) {
|
||||
return fmt.Errorf("Password has to contain lower case letters.")
|
||||
} else if !regexp.MustCompile(`[A-Z]`).MatchString(password) {
|
||||
return fmt.Errorf("Password has to contain upper case letters.")
|
||||
} else if !regexp.MustCompile(`[0-9]`).MatchString(password) {
|
||||
return fmt.Errorf("Password has to contain numbers.")
|
||||
} else if len(password) < 11 && !regexp.MustCompile(`[^a-zA-Z0-9]`).MatchString(password) {
|
||||
return fmt.Errorf("Password has to be longer or contain symbols.")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *User) DefinePassword(password string) (err error) {
|
||||
if err = u.CheckPasswordConstraints(password); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
u.Password, err = bcrypt.GenerateFromPassword([]byte(password), 0)
|
||||
u.PasswordRecoveryKey = nil
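Review bot: `len(password)` in `CheckPasswordConstraints` counts bytes, not characters, so the `< 8` and `< 11` comparisons are satisfied early by multi-byte UTF-8 input and disagree with the JavaScript `.length` checks in this commit; a password of fewer than eight characters can pass the "at least 8 characters" rule if it contains non-ASCII characters. Counting once with `n := utf8.RuneCountInString(password)` (needs `unicode/utf8` in the import block) and comparing `n` in both places would match the error message. There is also no upper bound before `bcrypt.GenerateFromPassword`, and bcrypt only uses the first 72 bytes (depending on the x/crypto version the excess is silently ignored or rejected with an error), so a guard such as `if len(password) > 72 { return fmt.Errorf("Password has to be at most 72 bytes long.") }` gives a clear failure. The four `regexp.MustCompile` calls run on every invocation and could be package-level variables. `DefinePassword` continues past the end of the hunk.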
|
||||
|
||||
|
|