cover common mutations of literal definitions

add seven char weak password definitions to take advantage of mutations
avoid majority of the weak password logic for really long passwords
This commit is contained in:
Azareal 2020-06-18 13:37:05 +10:00
parent 08d5e2e0d8
commit 3efd887b1a
3 changed files with 15 additions and 3 deletions

View File

@ -2,6 +2,7 @@ package common
import (
"errors"
"strconv"
"strings"
"unicode"
)
@ -87,8 +88,15 @@ func WeakPassword(password, username, email string) error {
case len(email) > 2 && strings.Contains(lowPassword, strings.ToLower(email)):
return ErrWeakPasswordEmailInPass
}
if len(lowPassword) > 30 {
return nil
}
_, ok := weakPassLit[lowPassword]
litPass := lowPassword
for i := 0; i < 10; i++ {
litPass = strings.TrimSuffix(litPass, strconv.Itoa(i))
}
_, ok := weakPassLit[litPass]
if ok {
return ErrWeakPasswordCommon
}

View File

@ -3,6 +3,6 @@
"test", "123", "6969", "password", "qwerty", "fuck", "love","1 2 3 4 5"
],
"literal":[
"superman","football","starwars","passw0rd","whatever","master's degree","trustno1","computer"
"superman","football","starwars","passw0rd","whatever","master's degree","trustno1","computer","corvette","mercedes","letmein","welcome","freedom","matthew","asshole","ferrari","blahblah","crystal"
]
}

View File

@ -2076,7 +2076,11 @@ func TestWeakPassword(t *testing.T) {
weakPass("test2", "draw", "test@example.com")(c.ErrWeakPasswordShort)
weakPass("test22222222", "draw", "test@example.com")(c.ErrWeakPasswordContains)
weakPass("superman", "draw", "test@example.com")(c.ErrWeakPasswordCommon)
weakPass("superman2", "draw", "test@example.com")(c.ErrWeakPasswordNoUpper)
weakPass("Superman", "draw", "test@example.com")(c.ErrWeakPasswordCommon)
weakPass("Superma2", "draw", "test@example.com")(nil)
weakPass("superman2", "draw", "test@example.com")(c.ErrWeakPasswordCommon)
weakPass("Superman2", "draw", "test@example.com")(c.ErrWeakPasswordCommon)
weakPass("superman22", "draw", "test@example.com")(c.ErrWeakPasswordNoUpper)
weakPass("K\\@<^s}1", "draw", "test@example.com")(nil)
weakPass("K\\@<^s}r", "draw", "test@example.com")(c.ErrWeakPasswordNoNumbers)
weakPass("k\\@<^s}1", "draw", "test@example.com")(c.ErrWeakPasswordNoUpper)