adds configuration option set by default False to check password compromise

2024-11-13 16:12:50 +01:00 · 2024-11-13 16:12:50 +01:00 · 2a57a05155
commit 2a57a05155
parent faa5c6f966
2 changed files with 18 additions and 15 deletions
--- a/canaille/app/forms.py
+++ b/canaille/app/forms.py
@ -88,6 +88,7 @@ def password_strength_calculator(password):


 def compromised_password_validator(form, field):
+    if current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"]:
        hashed_password = sha1(field.data.encode("utf-8")).hexdigest()
        hashed_password_prefix, hashed_password_suffix = (
            hashed_password[:5].upper(),
@ -106,7 +107,7 @@ def compromised_password_validator(form, field):

        for each in decoded_response:
            if hashed_password_suffix == each.split(":")[0]:
-            raise wtforms.ValidationError(_("This password is compromised."))
+                raise wtforms.ValidationError(_("This password appears on public compromission databases and is not secure."))


 def email_validator(form, field):
--- a/canaille/core/configuration.py
+++ b/canaille/core/configuration.py
@ -320,3 +320,5 @@ class CoreSettings(BaseModel):
    corruption), it is necessary to provide an administration contact
    email.
    """
+
+    ENABLE_PASSWORD_COMPROMISSION_CHECK: bool = False