changeset 4829:caf7e88dc9e5

mod_password_policy: Add check that password doesn't contain username
author Matthew Wild <mwild1@gmail.com>
date Wed, 22 Dec 2021 14:03:25 +0000
parents 56eba4bca28f
children af6143cf7d22
files mod_password_policy/mod_password_policy.lua
diffstat 1 files changed, 16 insertions(+), 2 deletions(-) [+]
--- a/mod_password_policy/mod_password_policy.lua	Wed Dec 22 14:01:53 2021 +0000
+++ b/mod_password_policy/mod_password_policy.lua	Wed Dec 22 14:03:25 2021 +0000
@@ -13,13 +13,23 @@
 
 options = options or {};
 options.length = options.length or 8;
+if options.exclude_username == nil then
+	options.exclude_username = true;
+end
 
 local st = require "util.stanza";
 
-function check_password(password)
+function check_password(password, additional_info)
 	if #password < options.length then
 		return nil, ("Password is too short (minimum %d characters)"):format(options.length), "length";
 	end
+
+	if additional_info then
+		local username = additional_info.username;
+		if username and password:lower():find(username:lower(), 1, true) then
+			return nil, "Password must not include your username", "username";
+		end
+	end
 	return true;
 end
 
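Review bot: The new `options.exclude_username` setting is given a default but is never consulted in `check_password`, so configuring `exclude_username = false` does not disable the username check that the option is named for; the guard should read `if options.exclude_username and additional_info then`. Separately, a plain-text `find` with an empty needle matches at position 1, so an empty `additional_info.username` would reject every password, and a one- or two-character username would reject most passwords that happen to contain those letters; guarding with `if username and username ~= "" and password:lower():find(username:lower(), 1, true) then` covers the empty case, and a minimum username length for this rule is worth considering. A short comment above the check, such as `-- Case-insensitive, plain (non-pattern) substring match; skipped when the caller passes no additional_info`, would also make clear to other callers of `check_password` that omitting the second argument silently skips this rule. Note that `lower()` is byte-oriented, so the comparison is case-insensitive for ASCII only; if non-ASCII usernames are expected that limitation belongs in the comment too.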
@@ -46,9 +56,13 @@
 
 		table.insert(passwords, query:get_child_text("password"));
 
+		local additional_info = {
+			username = origin.username;
+		};
+
 		for _,password in ipairs(passwords) do
 			if password then
-				local pw_ok, pw_err, pw_failed_policy = check_password(password);
+				local pw_ok, pw_err, pw_failed_policy = check_password(password, additional_info);
 				if not pw_ok then
 					module:log("debug", "Password failed check against '%s' policy", pw_failed_policy);
 					origin.send(st.error_reply(stanza, "cancel", "not-acceptable", pw_err));
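Review bot: `additional_info.username` is taken from `origin.username`, and if this handler can also serve sessions that have no username yet (the page does not show whether it does), `username` is nil and the new rule is silently skipped rather than reported. If that path exists, the policy should either take the username from the request being processed or at least log at debug level that the username rule was not applied, so a silently weakened check is visible in the logs. The enclosing handler starts and ends outside this hunk.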