Add password constraint check in Go + update JS ones

nemunaire 2020-07-21 02:30:30 +02:00
parent 3f96397a19
commit 01100610fb
4 changed files with 83 additions and 31 deletions


@ -0,0 +1,47 @@
// Copyright or © or Copr. happyDNS (2020)
//
// contact@happydns.org
//
// This software is a computer program whose purpose is to provide a modern
// interface to interact with DNS systems.
//
// This software is governed by the CeCILL license under French law and abiding
// by the rules of distribution of free software. You can use, modify and/or
// redistribute the software under the terms of the CeCILL license as
// circulated by CEA, CNRS and INRIA at the following URL
// "http://www.cecill.info".
//
// As a counterpart to the access to the source code and rights to copy, modify
// and redistribute granted by the license, users are provided only with a
// limited warranty and the software's author, the holder of the economic
// rights, and the successive licensors have only limited liability.
//
// In this respect, the user's attention is drawn to the risks associated with
// loading, using, modifying and/or developing or reproducing the software by
// the user in light of its specific status of free software, that may mean
// that it is complicated to manipulate, and that also therefore means that it
// is reserved for developers and experienced professionals having in-depth
// computer knowledge. Users are therefore encouraged to load and test the
// software's suitability as regards their requirements in conditions enabling
// the security of their systems and/or data to be ensured and, more generally,
// to use and operate it in the same conditions as regards security.
//
// The fact that you are presently reading this means that you have had
// knowledge of the CeCILL license and that you accept its terms.
export default {
computed: {
passwordState () {
if (this.signupForm.password.length === 0) {
return null
}
return this.signupForm.password.length >= 8 && /[A-Z]/.test(this.signupForm.password) && /[a-z]/.test(this.signupForm.password) && /[0-9]/.test(this.signupForm.password) && (/\W/.test(this.signupForm.password) || this.signupForm.password.length >= 11)
},
passwordConfirmState () {
if (this.signupForm.passwordConfirm.length === 0) {
return null
}
return this.signupForm.password === this.signupForm.passwordConfirm
}
}
}
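Review bot: The symbol test in `passwordState` uses `/\W/`, which does not match `_`, while the Go check later on this page uses `[^a-zA-Z0-9]`. An 8-character password whose only symbol is an underscore is therefore flagged invalid in the form although the server would accept it; `/[^a-zA-Z0-9]/.test(this.signupForm.password)` would keep both sides aligned. The length tests also differ in unit: `.length` counts UTF-16 code units and Go's `len(password)` counts bytes, so with non-ASCII characters the server accepts passwords shorter than eight characters that this mixin rejects. Since the server is the enforcing side, a short header comment stating that this mixin only mirrors `CheckPasswordConstraints` for form feedback would help keep the two in sync.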


@ -78,7 +78,7 @@
<b-form-input
id="password-input"
ref="recoverpassword"
v-model="password"
v-model="signupForm.password"
type="password"
:state="passwordState"
required
@ -93,7 +93,7 @@
<b-form-input
id="passwordconfirm-input"
ref="recoverpasswordconfirm"
v-model="passwordConfirm"
v-model="signupForm.passwordConfirm"
type="password"
:state="passwordConfirmState"
required
@ -112,16 +112,21 @@
<script>
import axios from 'axios'
import PasswordChecks from '@/mixins/passwordChecks'
export default {
mixins: [PasswordChecks],
data: function () {
return {
email: '',
emailState: null,
error: null,
password: '',
passwordConfirm: '',
signupForm: {
password: '',
passwordConfirm: ''
},
user: null
}
},
@ -129,19 +134,6 @@ export default {
computed: {
isLoading () {
return this.error === null || this.user === null
},
passwordState () {
if (this.password.length === 0) {
return null
}
return this.password.length > 15 || (
/[A-Z]/.test(this.password) && /[a-z]/.test(this.password) && /[0-9]/.test(this.password) && (/\W/.test(this.password) || this.password.length >= 8))
},
passwordConfirmState () {
if (this.passwordConfirm.length === 0) {
return null
}
return this.password === this.passwordConfirm
}
},
@ -210,7 +202,7 @@ export default {
axios
.post('/api/users/' + encodeURIComponent(this.user) + '/recovery', {
key: this.$route.query.k,
password: this.password
password: this.signupForm.password
})
.then(
(response) => {
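Review bot: The `signupForm` wrapper added to `data()` is there only because the PasswordChecks mixin reads `this.signupForm.password` and `this.signupForm.passwordConfirm`, which is not obvious in a component that binds `recoverpassword` inputs. A comment such as `// shape required by mixins/passwordChecks` above `signupForm: {` would keep a later cleanup of the name from breaking `passwordState` and `passwordConfirmState`. The same field now feeds the `password` value in the recovery POST, so the name matters in two places.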


@ -127,9 +127,12 @@
<script>
import axios from 'axios'
import PasswordChecks from '@/mixins/passwordChecks'
export default {
mixins: [PasswordChecks],
data: function () {
return {
signupForm: {
@ -146,19 +149,6 @@ export default {
return null
}
return /.+@.+\..+/i.test(this.signupForm.email)
},
passwordState () {
if (this.signupForm.password.length === 0) {
return null
}
return this.signupForm.password.length > 15 || (
/[A-Z]/.test(this.signupForm.password) && /[a-z]/.test(this.signupForm.password) && /[0-9]/.test(this.signupForm.password) && (/\W/.test(this.signupForm.password) || this.signupForm.password.length >= 8))
},
passwordConfirmState () {
if (this.signupForm.passwordConfirm.length === 0) {
return null
}
return this.signupForm.password === this.signupForm.passwordConfirm
}
},


@ -37,6 +37,7 @@ import (
"crypto/sha512"
"encoding/base64"
"fmt"
"regexp"
"time"
"golang.org/x/crypto/bcrypt"
@ -67,7 +68,29 @@ func NewUser(email string, password string) (u *User, err error) {
return
}
func (u *User) CheckPasswordConstraints(password string) (err error) {
if len(password) < 8 {
return fmt.Errorf("Password has to be at least 8 characters long.")
}
if !regexp.MustCompile(`[a-z]`).MatchString(password) {
return fmt.Errorf("Password has to contain lower case letters.")
} else if !regexp.MustCompile(`[A-Z]`).MatchString(password) {
return fmt.Errorf("Password has to contain upper case letters.")
} else if !regexp.MustCompile(`[0-9]`).MatchString(password) {
return fmt.Errorf("Password has to contain numbers.")
} else if len(password) < 11 && !regexp.MustCompile(`[^a-zA-Z0-9]`).MatchString(password) {
return fmt.Errorf("Password has to be longer or contain symbols.")
}
return nil
}
func (u *User) DefinePassword(password string) (err error) {
if err = u.CheckPasswordConstraints(password); err != nil {
return
}
u.Password, err = bcrypt.GenerateFromPassword([]byte(password), 0)
u.PasswordRecoveryKey = nil