diff --git a/common/weak_passwords.go b/common/weak_passwords.go
index 7666ab91..5f61e5fe 100644
--- a/common/weak_passwords.go
+++ b/common/weak_passwords.go
@@ -2,6 +2,7 @@ package common
 import (
 "errors"
+ "strconv"
 "strings"
 "unicode"
 )
@@ -87,8 +88,15 @@ func WeakPassword(password, username, email string) error {
 case len(email) > 2 && strings.Contains(lowPassword, strings.ToLower(email)):
 return ErrWeakPasswordEmailInPass
 }
+ if len(lowPassword) > 30 {
+ return nil
+ }
- _, ok := weakPassLit[lowPassword]
+ litPass := lowPassword
+ for i := 0; i < 10; i++ {
+ litPass = strings.TrimSuffix(litPass, strconv.Itoa(i))
+ }
+ _, ok := weakPassLit[litPass]
 if ok {
 return ErrWeakPasswordCommon
 }
diff --git a/config/weakpass_default.json b/config/weakpass_default.json
index c8f88508..8071d0f1 100644
--- a/config/weakpass_default.json
+++ b/config/weakpass_default.json
@@ -3,6 +3,6 @@
 "test", "123", "6969", "password", "qwerty", "fuck", "love","1 2 3 4 5"
 ],
 "literal":[
- "superman","football","starwars","passw0rd","whatever","master's degree","trustno1","computer"
+ "superman","football","starwars","passw0rd","whatever","master's degree","trustno1","computer","corvette","mercedes","letmein","welcome","freedom","matthew","asshole","ferrari","blahblah","crystal"
 ]
 }
\ No newline at end of file
diff --git a/misc_test.go b/misc_test.go
index 1af806a0..14a9f19b 100644
--- a/misc_test.go
+++ b/misc_test.go
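Review bot: The `return nil` under `if len(lowPassword) > 30` leaves WeakPassword entirely rather than just skipping the wordlist lookup; the function continues past the hunk, and the test hunk shows `superman22` reaching ErrWeakPasswordNoUpper after the common-password check, so any case or composition checks that follow are skipped for passwords longer than 30 bytes. If only the dictionary check is meant to be skipped for long input, guard the lookup instead, `if len(lowPassword) <= 30 { if _, ok := weakPassLit[litPass]; ok { return ErrWeakPasswordCommon } }`, or state the long-password policy in a comment above the early return. The TrimSuffix loop also only strips trailing digits that decrease left to right (`superman21` becomes `superman`, but `superman12` becomes `superman1`, and `password123` becomes `password12`), so the normalization is inconsistent; `litPass := strings.TrimRight(lowPassword, "0123456789")` strips any trailing digit run, removes the need for the strconv import, and would change the new `superman22` test case to expect ErrWeakPasswordCommon. `len` here counts bytes rather than runes, which is acceptable for a cap but deserves a short comment so the threshold is not mistaken for a character count.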
@@ -2076,7 +2076,11 @@ func TestWeakPassword(t *testing.T) {
 weakPass("test2", "draw", "test@example.com")(c.ErrWeakPasswordShort)
 weakPass("test22222222", "draw", "test@example.com")(c.ErrWeakPasswordContains)
 weakPass("superman", "draw", "test@example.com")(c.ErrWeakPasswordCommon)
- weakPass("superman2", "draw", "test@example.com")(c.ErrWeakPasswordNoUpper)
+ weakPass("Superman", "draw", "test@example.com")(c.ErrWeakPasswordCommon)
+ weakPass("Superma2", "draw", "test@example.com")(nil)
+ weakPass("superman2", "draw", "test@example.com")(c.ErrWeakPasswordCommon)
+ weakPass("Superman2", "draw", "test@example.com")(c.ErrWeakPasswordCommon)
+ weakPass("superman22", "draw", "test@example.com")(c.ErrWeakPasswordNoUpper)
 weakPass("K\\@<^s}1", "draw", "test@example.com")(nil)
 weakPass("K\\@<^s}r", "draw", "test@example.com")(c.ErrWeakPasswordNoNumbers)
 weakPass("k\\@<^s}1", "draw", "test@example.com")(c.ErrWeakPasswordNoUpper)
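Review bot: The added cases only exercise a single trailing digit or a repeated one, so they do not pin down the digit-stripping rule introduced in common/weak_passwords.go, where the ascending TrimSuffix loop turns `superman21` into `superman` but `superman12` into `superman1`; under the current code the first should yield ErrWeakPasswordCommon and the second most likely ErrWeakPasswordNoUpper, and asserting both with `weakPass("superman21", "draw", "test@example.com")(c.ErrWeakPasswordCommon)` and `weakPass("superman12", "draw", "test@example.com")(c.ErrWeakPasswordNoUpper)` would make the intended behaviour explicit. There is also no case for the new `len(lowPassword) > 30` early return, which currently returns nil for a 31-character lowercase, digit-free password without reaching the later checks; if that is the intended policy it is worth a test, and if not the test would expose it. TestWeakPassword continues outside the hunk.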