globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

adds configuration option set by default False to check password compromise

Browse source
This commit is contained in:
sebastien 2024-11-13 16:12:50 +01:00
parent faa5c6f966
commit 2a57a05155
2 changed files with 18 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
canaille/app/forms.py
View file

@ -88,6 +88,7 @@ def password_strength_calculator(password):
def compromised_password_validator(form, field): def compromised_password_validator(form, field):
if current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"]:
hashed_password = sha1(field.data.encode("utf-8")).hexdigest() hashed_password = sha1(field.data.encode("utf-8")).hexdigest()
hashed_password_prefix, hashed_password_suffix = ( hashed_password_prefix, hashed_password_suffix = (
hashed_password[:5].upper(), hashed_password[:5].upper(),
@ -106,7 +107,7 @@ def compromised_password_validator(form, field):
for each in decoded_response: for each in decoded_response:
if hashed_password_suffix == each.split(":")[0]: if hashed_password_suffix == each.split(":")[0]:
raise wtforms.ValidationError(_("This password is compromised.")) raise wtforms.ValidationError(_("This password appears on public compromission databases and is not secure."))
def email_validator(form, field): def email_validator(form, field):

2
canaille/core/configuration.py
View file

@ -320,3 +320,5 @@ class CoreSettings(BaseModel):
corruption), it is necessary to provide an administration contact corruption), it is necessary to provide an administration contact
email. email.
""" """
ENABLE_PASSWORD_COMPROMISSION_CHECK: bool = False