globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

updates file names, variable names to be clearer.

Browse source
This commit is contained in:
sebastien 2024-11-05 16:18:45 +01:00
parent ff871f1340
commit 9708809714
4 changed files with 15 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
canaille/app/forms.py
View file

@ -16,7 +16,7 @@ from canaille.app.i18n import gettext as _
from canaille.app.i18n import locale_selector from canaille.app.i18n import locale_selector
from canaille.app.i18n import timezone_selector from canaille.app.i18n import timezone_selector
from canaille.backends import Backend from canaille.backends import Backend
from canaille.core.mails import send_comprimised_password_check_failure_mail from canaille.core.mails import send_compromised_password_check_failure_mail
from . import validate_uri from . import validate_uri
from .flask import request_is_htmx from .flask import request_is_htmx
@ -94,9 +94,12 @@ def compromised_password_validator(form, field):
return None return None
hashed_password = sha1(field.data.encode("utf-8")).hexdigest() hashed_password = sha1(field.data.encode("utf-8")).hexdigest()
hashed_password_splited = (hashed_password[:5].upper(), hashed_password[5:].upper()) hashed_password_prefix, hashed_password_suffix = (
hashed_password[:5].upper(),
hashed_password[5:].upper(),
)
api_url = f"https://api.pwnedpasswords.com/range/{hashed_password_splited[0]}" api_url = f"https://api.pwnedpasswords.com/range/{hashed_password_prefix}"
try: try:
response = requests.api.get(api_url, timeout=10) response = requests.api.get(api_url, timeout=10)
@ -111,8 +114,8 @@ def compromised_password_validator(form, field):
user_name = form["user_name"].data user_name = form["user_name"].data
user_email = form["emails"].data[0] user_email = form["emails"].data[0]
send_comprimised_password_check_failure_mail( send_compromised_password_check_failure_mail(
api_url, user_name, user_email, hashed_password api_url, user_name, user_email, hashed_password_suffix
) )
return None return None
@ -120,7 +123,7 @@ def compromised_password_validator(form, field):
decoded_response = response.content.decode("utf8").split("\r\n") decoded_response = response.content.decode("utf8").split("\r\n")
for each in decoded_response: for each in decoded_response:
if hashed_password_splited[1] in each.split(":")[0]: if hashed_password_suffix == each.split(":")[0]:
raise wtforms.ValidationError(_("This password is compromised.")) raise wtforms.ValidationError(_("This password is compromised."))

8
canaille/core/mails.py
View file

@ -212,17 +212,17 @@ def send_registration_mail(email, registration_url):
) )
def send_comprimised_password_check_failure_mail( def send_compromised_password_check_failure_mail(
check_password_url, user_name, user_email, hashed_password check_password_url, user_name, user_email, hashed_password
): ):
base_url = url_for("core.account.index", _external=True) base_url = url_for("core.account.index", _external=True)
logo_cid, logo_filename, logo_raw = logo() logo_cid, logo_filename, logo_raw = logo()
subject = _("Pwned password check incident on {website_name}").format( subject = _("compromised password check failure on {website_name}").format(
website_name=current_app.config["CANAILLE"]["NAME"] website_name=current_app.config["CANAILLE"]["NAME"]
) )
text_body = render_template( text_body = render_template(
"mails/pwned-password-non-checked.txt", "mails/compromised_password_check_failure.txt",
site_name=current_app.config["CANAILLE"]["NAME"], site_name=current_app.config["CANAILLE"]["NAME"],
site_url=base_url, site_url=base_url,
check_password_url=check_password_url, check_password_url=check_password_url,
@ -231,7 +231,7 @@ def send_comprimised_password_check_failure_mail(
hashed_password=hashed_password, hashed_password=hashed_password,
) )
html_body = render_template( html_body = render_template(
"mails/pwned-password-non-checked.html", "mails/compromised_password_check_failure.html",
site_name=current_app.config["CANAILLE"]["NAME"], site_name=current_app.config["CANAILLE"]["NAME"],
site_url=base_url, site_url=base_url,
check_password_url=check_password_url, check_password_url=check_password_url,

2
canaille/core/templates/mails/pwned-password-non-checked.html → canaille/core/templates/mails/compromised_password_check_failure.html
View file

@ -16,7 +16,7 @@
<img src="{{ logo }}" alt="{{ site_name }}" style="font-size: 1.3rem; border-style: none; width: 50px; display: inline-block; margin-top: .14em; vertical-align: middle;"> <img src="{{ logo }}" alt="{{ site_name }}" style="font-size: 1.3rem; border-style: none; width: 50px; display: inline-block; margin-top: .14em; vertical-align: middle;">
{% endif %} {% endif %}
<div style="font-size: 1.3rem; display: inline-block; padding-left: .75rem; vertical-align: middle;"> <div style="font-size: 1.3rem; display: inline-block; padding-left: .75rem; vertical-align: middle;">
{% trans %}Verification failed if password is compromised.{% endtrans %} {% trans %}Compromised password check failure{% endtrans %}
</div> </div>
</h3> </h3>
</td> </td>

2
canaille/core/templates/mails/pwned-password-non-checked.txt → canaille/core/templates/mails/compromised_password_check_failure.txt
View file

@ -1,4 +1,4 @@
# {% trans %}Verification failed if password is compromised.{% endtrans %} # {% trans %}Compromised password check failure{% endtrans %}
{% trans %}Our services were unable to verify if the http://127.0.0.1:5000/profile/{{ user_name }}/settings's password is compromised.{% endtrans %} {% trans %}Our services were unable to verify if the http://127.0.0.1:5000/profile/{{ user_name }}/settings's password is compromised.{% endtrans %}