Mercurial > prosody-modules
comparison mod_password_policy/mod_password_policy.lua @ 4829:caf7e88dc9e5
mod_password_policy: Add check that password doesn't contain username
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 22 Dec 2021 14:03:25 +0000 |
| parents | 56eba4bca28f |
| children | af6143cf7d22 |
comparison
equal
deleted
inserted
replaced
| 4828:56eba4bca28f | 4829:caf7e88dc9e5 |
|---|---|
| 11 | 11 |
| 12 local options = module:get_option("password_policy"); | 12 local options = module:get_option("password_policy"); |
| 13 | 13 |
| 14 options = options or {}; | 14 options = options or {}; |
| 15 options.length = options.length or 8; | 15 options.length = options.length or 8; |
| 16 if options.exclude_username == nil then | |
| 17 options.exclude_username = true; | |
| 18 end | |
| 16 | 19 |
| 17 local st = require "util.stanza"; | 20 local st = require "util.stanza"; |
| 18 | 21 |
| 19 function check_password(password) | 22 function check_password(password, additional_info) |
| 20 if #password < options.length then | 23 if #password < options.length then |
| 21 return nil, ("Password is too short (minimum %d characters)"):format(options.length), "length"; | 24 return nil, ("Password is too short (minimum %d characters)"):format(options.length), "length"; |
| 25 end | |
| 26 | |
| 27 if additional_info then | |
| 28 local username = additional_info.username; | |
| 29 if username and password:lower():find(username:lower(), 1, true) then | |
| 30 return nil, "Password must not include your username", "username"; | |
| 31 end | |
| 22 end | 32 end |
| 23 return true; | 33 return true; |
| 24 end | 34 end |
| 25 | 35 |
| 26 function get_policy() | 36 function get_policy() |
| 44 end | 54 end |
| 45 end | 55 end |
| 46 | 56 |
| 47 table.insert(passwords, query:get_child_text("password")); | 57 table.insert(passwords, query:get_child_text("password")); |
| 48 | 58 |
| 59 local additional_info = { | |
| 60 username = origin.username; | |
| 61 }; | |
| 62 | |
| 49 for _,password in ipairs(passwords) do | 63 for _,password in ipairs(passwords) do |
| 50 if password then | 64 if password then |
| 51 local pw_ok, pw_err, pw_failed_policy = check_password(password); | 65 local pw_ok, pw_err, pw_failed_policy = check_password(password, additional_info); |
| 52 if not pw_ok then | 66 if not pw_ok then |
| 53 module:log("debug", "Password failed check against '%s' policy", pw_failed_policy); | 67 module:log("debug", "Password failed check against '%s' policy", pw_failed_policy); |
| 54 origin.send(st.error_reply(stanza, "cancel", "not-acceptable", pw_err)); | 68 origin.send(st.error_reply(stanza, "cancel", "not-acceptable", pw_err)); |
| 55 return true; | 69 return true; |
| 56 end | 70 end |