a
/
gosora
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

cover common mutations of literal definitions 

add seven char weak password definitions to take advantage of mutations
avoid majority of the weak password logic for really long passwords
This commit is contained in:
Azareal 2020-06-18 13:37:05 +10:00
parent 08d5e2e0d8
commit 3efd887b1a
3 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
common/weak_passwords.go
View File

@ -2,6 +2,7 @@ package common
import (
"errors"
"strconv"
"strings"
"unicode"
)
@ -87,8 +88,15 @@ func WeakPassword(password, username, email string) error {
case len(email) > 2 && strings.Contains(lowPassword, strings.ToLower(email)):
return ErrWeakPasswordEmailInPass
}
if len(lowPassword) > 30 {
return nil
}
_, ok := weakPassLit[lowPassword]
litPass := lowPassword
for i := 0; i < 10; i++ {
litPass = strings.TrimSuffix(litPass, strconv.Itoa(i))
}
_, ok := weakPassLit[litPass]
if ok {
return ErrWeakPasswordCommon
}

2
config/weakpass_default.json
View File

@ -3,6 +3,6 @@
"test", "123", "6969", "password", "qwerty", "fuck", "love","1 2 3 4 5"
],
"literal":[
"superman","football","starwars","passw0rd","whatever","master's degree","trustno1","computer"
"superman","football","starwars","passw0rd","whatever","master's degree","trustno1","computer","corvette","mercedes","letmein","welcome","freedom","matthew","asshole","ferrari","blahblah","crystal"
]
}

6
misc_test.go
View File

@ -2076,7 +2076,11 @@ func TestWeakPassword(t *testing.T) {
weakPass("test2", "draw", "test@example.com")(c.ErrWeakPasswordShort)
weakPass("test22222222", "draw", "test@example.com")(c.ErrWeakPasswordContains)
weakPass("superman", "draw", "test@example.com")(c.ErrWeakPasswordCommon)
weakPass("superman2", "draw", "test@example.com")(c.ErrWeakPasswordNoUpper)
weakPass("Superman", "draw", "test@example.com")(c.ErrWeakPasswordCommon)
weakPass("Superma2", "draw", "test@example.com")(nil)
weakPass("superman2", "draw", "test@example.com")(c.ErrWeakPasswordCommon)
weakPass("Superman2", "draw", "test@example.com")(c.ErrWeakPasswordCommon)
weakPass("superman22", "draw", "test@example.com")(c.ErrWeakPasswordNoUpper)
weakPass("K\\@<^s}1", "draw", "test@example.com")(nil)
weakPass("K\\@<^s}r", "draw", "test@example.com")(c.ErrWeakPasswordNoNumbers)
weakPass("k\\@<^s}1", "draw", "test@example.com")(c.ErrWeakPasswordNoUpper)