
Begins separation of user management functions

Emmanuel Viennet 2021-01-16 14:02:18 +01:00
parent 1476df8ecf
commit 76d7a21ec7
3 changed files with 58 additions and 26 deletions


@ -59,7 +59,7 @@ except:
from sco_utils import *
from notes_log import log
import sco_find_etud
from ZScoUsers import pwdFascistCheck
import sco_users
class ZScoDoc(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Implicit):
@ -201,7 +201,7 @@ class ZScoDoc(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Imp
raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
log("trying to change admin password")
# 1-- check strong password
if pwdFascistCheck(password) != None:
if not sco_users.is_valid_password(password):
log("refusing weak password")
return REQUEST.RESPONSE.redirect(
"change_admin_user_form?message=Mot%20de%20passe%20trop%20simple,%20recommencez"


@ -47,24 +47,7 @@ from TrivialFormulator import TrivialFormulator, TF
from gen_tables import GenTable
import scolars
import sco_cache
# ----------------- password checking
import cracklib
def pwdFascistCheck(cleartxt):
"returns None if OK"
if (
hasattr(CONFIG, "MIN_PASSWORD_LENGTH")
and CONFIG.MIN_PASSWORD_LENGTH > 0
and len(cleartxt) < CONFIG.MIN_PASSWORD_LENGTH
):
return True # invalid
try:
x = cracklib.FascistCheck(cleartxt)
return None
except ValueError as e:
return str(e)
import sco_users
# ---------------
@ -358,10 +341,6 @@ class ZScoUsers(
else:
return False
def _is_valid_passwd(self, passwd):
"check if passwd is secure enough"
return not pwdFascistCheck(passwd)
def do_change_password(self, user_name, password):
user = self._user_list(args={"user_name": user_name})
assert len(user) == 1, "database inconsistency: len(user)=%d" % len(user)
@ -407,7 +386,7 @@ class ZScoUsers(
% user_name
)
else:
if not self._is_valid_passwd(password):
if not sco_users.is_valid_password(password):
H.append(
"""<p><b>ce mot de passe n\'est pas assez compliqué !</b><br/>(oui, il faut un mot de passe vraiment compliqué !)</p>
<p><a href="form_change_password?user_name=%s" class="stdlink">Recommencer</a></p>
@ -890,7 +869,7 @@ class ZScoUsers(
"""Les deux mots de passes ne correspondent pas !"""
)
return "\n".join(H) + msg + "\n" + tf[1] + F
if not self._is_valid_passwd(vals["passwd"]):
if not sco_users.is_valid_password(vals["passwd"]):
msg = tf_error_message(
"""Mot de passe trop simple, recommencez !"""
)
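Review bot: The removed `pwdFascistCheck` returned `None` (falsy) for an acceptable password, while its replacement `sco_users.is_valid_password` returns `True`, so any caller outside this commit has to have its test inverted, not just renamed. The two call sites in this section and the one in the `ZScoDoc` admin-password path are converted with the correct polarity, but callers in other files are not visible from this page, and the enclosing methods start and end outside the hunks. `_is_valid_passwd` already had the new polarity, so if anything else may still call it, a one-line shim `def _is_valid_passwd(self, passwd): return sco_users.is_valid_password(passwd)` would keep those callers working during the migration. A small test that a too-short password and a dictionary word are both refused through each form would pin the behaviour across the move.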

53
sco_users.py Normal file

@ -0,0 +1,53 @@
# -*- mode: python -*-
# -*- coding: utf-8 -*-
##############################################################################
#
# Gestion scolarite IUT
#
# Copyright (c) 1999 - 2021 Emmanuel Viennet. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Emmanuel Viennet emmanuel.viennet@viennet.net
#
##############################################################################
"""Fonctions sur les utilisateurs
"""
# Anciennement dans ZScoUsers.py, séparé pour migration
import cracklib # pylint: disable=import-error
import sco_utils as scu
from sco_utils import CONFIG, SCO_ENCODING
def is_valid_password(cleartxt):
"""Check password.
returns True if OK.
"""
if (
hasattr(CONFIG, "MIN_PASSWORD_LENGTH")
and CONFIG.MIN_PASSWORD_LENGTH > 0
and len(cleartxt) < CONFIG.MIN_PASSWORD_LENGTH
):
return False # invalid: too short
try:
_ = cracklib.FascistCheck(cleartxt)
return True
except ValueError:
return False
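Review bot: The length floor in `is_valid_password` is skipped silently when `CONFIG` has no `MIN_PASSWORD_LENGTH` or it is set to 0, which leaves cracklib as the only control on a misconfigured install. A fail-safe form would be `min_len = getattr(CONFIG, "MIN_PASSWORD_LENGTH", DEFAULT_MIN_PASSWORD_LENGTH)`, with the fallback constant chosen by the project. If `cleartxt` arrives as an encoded byte string (the `SCO_ENCODING` import suggests it might, to be confirmed), `len(cleartxt)` counts bytes, so a password with accented characters can pass the floor with fewer characters than intended. `import sco_utils as scu` and `SCO_ENCODING` are unused in the 53 lines added, and `_ = cracklib.FascistCheck(cleartxt)` does not need the assignment. The docstring should also state that both the configured minimum length and the cracklib check must pass.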