fix: pwned check #2378

Merged
merged 1 commit into from
Nov 4, 2024
106 changes: 52 additions & 54 deletions portal/helpers/password.py
@@ -1,16 +1,14 @@
import hashlib
import re
from enum import Enum, auto

import requests
from django import forms
from django.contrib.auth import update_session_auth_hash
from django.contrib.auth.hashers import PBKDF2PasswordHasher as ph
from django.core.exceptions import ValidationError


import hashlib
import requests


def is_password_pwned(password):
# Create SHA1 hash of the password
sha1_hash = hashlib.sha1(password.encode()).hexdigest()
Expand Down Expand Up @@ -41,56 +39,56 @@ class PasswordStrength(Enum):
TEACHER = auto()

def password_test(self, password):
if self is PasswordStrength.STUDENT:
minimum_password_length = 6
# Make student password case insensitive
password = password.lower()
if password and not password_strength_test(
password=password,
minimum_password_length=minimum_password_length,
upper=False,
lower=False,
numbers=False,
special_char=False,
):
raise forms.ValidationError(
f"Password not strong enough, consider using at least {minimum_password_length} characters and making it hard to guess."
)
if is_password_pwned(password):
raise forms.ValidationError("Password is too common, consider using a different password.")

elif self is PasswordStrength.INDEPENDENT:
minimum_password_length = 8
if password and not password_strength_test(
password=password,
minimum_password_length=minimum_password_length,
upper=True,
lower=True,
numbers=True,
special_char=False,
):
raise forms.ValidationError(
f"Password not strong enough, consider using at least {minimum_password_length} characters, "
"upper and lower case letters, and numbers and making it hard to guess."
)
if is_password_pwned(password):
raise forms.ValidationError("Password is too common, consider using a different password.")
else:
minimum_password_length = 10
if password and not password_strength_test(
password=password,
minimum_password_length=minimum_password_length,
upper=True,
lower=True,
numbers=True,
special_char=True,
):
raise forms.ValidationError(
f"Password not strong enough, consider using at least {minimum_password_length} characters, "
"upper and lower case letters, numbers, special characters and making it hard to guess."
)
if is_password_pwned(password):
raise forms.ValidationError("Password is too common, consider using a different password.")
if password:
if self is PasswordStrength.STUDENT:
minimum_password_length = 6
# Make student password case insensitive
password = password.lower()
if not password_strength_test(
password=password,
minimum_password_length=minimum_password_length,
upper=False,
lower=False,
numbers=False,
special_char=False,
):
raise forms.ValidationError(
f"Password not strong enough, consider using at least {minimum_password_length} characters and making it hard to guess."
)
if is_password_pwned(password):
raise forms.ValidationError("Password is too common, consider using a different password.")
elif self is PasswordStrength.INDEPENDENT:
minimum_password_length = 8
if not password_strength_test(
password=password,
minimum_password_length=minimum_password_length,
upper=True,
lower=True,
numbers=True,
special_char=False,
):
raise forms.ValidationError(
f"Password not strong enough, consider using at least {minimum_password_length} characters, "
"upper and lower case letters, and numbers and making it hard to guess."
)
if is_password_pwned(password):
raise forms.ValidationError("Password is too common, consider using a different password.")
else:
minimum_password_length = 10
if not password_strength_test(
password=password,
minimum_password_length=minimum_password_length,
upper=True,
lower=True,
numbers=True,
special_char=True,
):
raise forms.ValidationError(
f"Password not strong enough, consider using at least {minimum_password_length} characters, "
"upper and lower case letters, numbers, special characters and making it hard to guess."
)
if is_password_pwned(password):
raise forms.ValidationError("Password is too common, consider using a different password.")

return password
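Review bot: The pwned check is repeated verbatim in all three branches (the two lines after each strength test), so hoisting it once after the if/elif/else chain, still inside the new `if password:` guard, removes the duplication and leaves each branch with only its strength rule: `if is_password_pwned(password): raise forms.ValidationError("Password is too common, consider using a different password.")`. The STUDENT branch rebinds `password` to `password.lower()` before its check and before `return password`, so a hoisted check would see the same lowercased value the branch checks today. `is_password_pwned` in the first hunk appears to hash the password and reach out via `requests`; if that call can raise on a timeout or connection error, the exception would surface from this form validator unhandled, which is worth confirming in the part of that function outside this diff. The enclosing class `PasswordStrength` begins outside the hunk.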
