Merge pull request #174 from snikket-im/fix/password-validation

Fix password validation
Matthew Wild
2024-01-09 10:08:58 +00:00
committed by GitHub
4 changed files with 53 additions and 39 deletions


@@ -116,6 +116,10 @@ class RegisterForm(BaseForm):
password = wtforms.PasswordField( password = wtforms.PasswordField(
_l("Password"), _l("Password"),
validators=[
wtforms.validators.InputRequired(),
wtforms.validators.Length(min=10),
],
) )
password_confirm = wtforms.PasswordField( password_confirm = wtforms.PasswordField(
@@ -184,6 +188,10 @@ async def register(id_: str) -> typing.Union[str, werkzeug.Response]:
class ResetForm(BaseForm): class ResetForm(BaseForm):
password = wtforms.PasswordField( password = wtforms.PasswordField(
_l("Password"), _l("Password"),
validators=[
wtforms.validators.InputRequired(),
wtforms.validators.Length(min=10),
],
) )
password_confirm = wtforms.PasswordField( password_confirm = wtforms.PasswordField(
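Review bot: The minimum length is written as the literal `10` in both `RegisterForm.password` and `ResetForm.password`, and again in `ChangePasswordForm` in the last file of this commit, so the forms can drift apart the next time the policy changes. A shared constant, e.g. `MIN_PASSWORD_LENGTH = 10` used as `wtforms.validators.Length(min=MIN_PASSWORD_LENGTH)`, would keep one source of truth. `Length` is also given no `max`, so the form puts no upper bound on the value handed to the backend; if no request-size limit sits in front of it, a generous `max=` is worth adding. Both class bodies continue outside the hunks, so the validators on `password_confirm` are not visible here.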


@@ -909,7 +909,7 @@ class ProsodyClient:
self.session_address, self.session_address,
current_password, current_password,
) )
await self._xml_iq_call( password_changed = await self._xml_iq_call(
session, session,
xmpputil.make_password_change_request( xmpputil.make_password_change_request(
self.session_address, self.session_address,
@@ -920,7 +920,7 @@ class ProsodyClient:
}, },
sensitive=True, sensitive=True,
) )
# TODO: error handling xmpputil.extract_iq_reply(password_changed)
# TODO: obtain a new token using the new password to allow the # TODO: obtain a new token using the new password to allow the
# server to expire/revoke all tokens on password change. # server to expire/revoke all tokens on password change.
self._store_token_in_session(token_info) self._store_token_in_session(token_info)
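Review bot: The return value of `xmpputil.extract_iq_reply(password_changed)` is discarded, so the call is presumably there only to raise when the server answers with an error. A comment such as `# raises if the server rejected the change, so the token below is not stored` would make that intent explicit. The name `password_changed` reads like a boolean while it holds the IQ response; `reply = await self._xml_iq_call(` would be clearer. Which exception surfaces on rejection, and whether the calling view turns it into a form error rather than an unhandled failure, cannot be seen from this hunk, and the method starts and ends outside it.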


@@ -23,7 +23,7 @@ msgid "Login name"
msgstr "" msgstr ""
#: snikket_web/admin.py:73 snikket_web/templates/admin_delete_user.html:12 #: snikket_web/admin.py:73 snikket_web/templates/admin_delete_user.html:12
#: snikket_web/user.py:63 #: snikket_web/user.py:69
msgid "Display name" msgid "Display name"
msgstr "" msgstr ""
@@ -280,56 +280,56 @@ msgstr ""
msgid "Username" msgid "Username"
msgstr "" msgstr ""
#: snikket_web/invite.py:118 snikket_web/invite.py:186 snikket_web/main.py:43 #: snikket_web/invite.py:118 snikket_web/invite.py:190 snikket_web/main.py:43
msgid "Password" msgid "Password"
msgstr "" msgstr ""
#: snikket_web/invite.py:122 snikket_web/invite.py:190 #: snikket_web/invite.py:126 snikket_web/invite.py:198
msgid "Confirm password" msgid "Confirm password"
msgstr "" msgstr ""
#: snikket_web/invite.py:126 snikket_web/invite.py:194 #: snikket_web/invite.py:130 snikket_web/invite.py:202
msgid "The passwords must match." msgid "The passwords must match."
msgstr "" msgstr ""
#: snikket_web/invite.py:131 #: snikket_web/invite.py:135
msgid "Create account" msgid "Create account"
msgstr "" msgstr ""
#: snikket_web/invite.py:158 #: snikket_web/invite.py:162
msgid "That username is already taken." msgid "That username is already taken."
msgstr "" msgstr ""
#: snikket_web/invite.py:162 snikket_web/invite.py:227 #: snikket_web/invite.py:166 snikket_web/invite.py:235
msgid "Registration was declined for unknown reasons." msgid "Registration was declined for unknown reasons."
msgstr "" msgstr ""
#: snikket_web/invite.py:166 #: snikket_web/invite.py:170
msgid "The username is not valid." msgid "The username is not valid."
msgstr "" msgstr ""
#: snikket_web/invite.py:199 snikket_web/templates/user_home.html:32 #: snikket_web/invite.py:207 snikket_web/templates/user_home.html:32
#: snikket_web/templates/user_passwd.html:29 #: snikket_web/templates/user_passwd.html:29
msgid "Change password" msgid "Change password"
msgstr "" msgstr ""
#: snikket_web/invite.py:246 #: snikket_web/invite.py:254
msgid "Account data file" msgid "Account data file"
msgstr "" msgstr ""
#: snikket_web/invite.py:250 #: snikket_web/invite.py:258
msgid "Import data" msgid "Import data"
msgstr "" msgstr ""
#: snikket_web/invite.py:271 #: snikket_web/invite.py:279
#, python-format #, python-format
msgid "" msgid ""
"The account data you tried to import is in an unknown format. Please " "The account data you tried to import is in an unknown format. Please "
"upload an XML file in XEP-0227 format (provided format: %(mimetype)s)." "upload an XML file in XEP-0227 format (provided format: %(mimetype)s)."
msgstr "" msgstr ""
#: snikket_web/invite.py:291 snikket_web/templates/unauth.html:18 #: snikket_web/invite.py:299 snikket_web/templates/unauth.html:18
#: snikket_web/user.py:178 #: snikket_web/user.py:184
msgid "Error" msgid "Error"
msgstr "" msgstr ""
@@ -357,73 +357,73 @@ msgstr ""
msgid "New password" msgid "New password"
msgstr "" msgstr ""
#: snikket_web/user.py:39 #: snikket_web/user.py:42
msgid "Confirm new password" msgid "Confirm new password"
msgstr "" msgstr ""
#: snikket_web/user.py:43 #: snikket_web/user.py:47
msgid "The new passwords must match." msgid "The new passwords must match."
msgstr "" msgstr ""
#: snikket_web/user.py:50 #: snikket_web/user.py:56
msgid "Sign out" msgid "Sign out"
msgstr "" msgstr ""
#: snikket_web/user.py:55 #: snikket_web/user.py:61
msgid "Nobody" msgid "Nobody"
msgstr "" msgstr ""
#: snikket_web/user.py:56 #: snikket_web/user.py:62
msgid "Friends only" msgid "Friends only"
msgstr "" msgstr ""
#: snikket_web/user.py:57 #: snikket_web/user.py:63
msgid "Everyone" msgid "Everyone"
msgstr "" msgstr ""
#: snikket_web/user.py:67 #: snikket_web/user.py:73
msgid "Avatar" msgid "Avatar"
msgstr "" msgstr ""
#: snikket_web/user.py:71 #: snikket_web/user.py:77
msgid "Profile visibility" msgid "Profile visibility"
msgstr "" msgstr ""
#: snikket_web/user.py:76 #: snikket_web/user.py:82
msgid "Update profile" msgid "Update profile"
msgstr "" msgstr ""
#: snikket_web/user.py:82 #: snikket_web/user.py:88
msgid "Account data" msgid "Account data"
msgstr "" msgstr ""
#: snikket_web/user.py:86 #: snikket_web/user.py:92
msgid "Upload" msgid "Upload"
msgstr "" msgstr ""
#: snikket_web/user.py:111 #: snikket_web/user.py:117
msgid "Incorrect password." msgid "Incorrect password."
msgstr "" msgstr ""
#: snikket_web/user.py:115 #: snikket_web/user.py:121
msgid "Password changed" msgid "Password changed"
msgstr "" msgstr ""
#: snikket_web/user.py:123 #: snikket_web/user.py:129
msgid "" msgid ""
"The chosen avatar is too big. To be able to upload larger avatars, please" "The chosen avatar is too big. To be able to upload larger avatars, please"
" use the app." " use the app."
msgstr "" msgstr ""
#: snikket_web/user.py:170 #: snikket_web/user.py:176
msgid "Profile updated" msgid "Profile updated"
msgstr "" msgstr ""
#: snikket_web/user.py:184 #: snikket_web/user.py:190
msgid "Export" msgid "Export"
msgstr "" msgstr ""
#: snikket_web/user.py:202 #: snikket_web/user.py:208
msgid "You currently have no account data to export." msgid "You currently have no account data to export."
msgstr "" msgstr ""


@@ -32,16 +32,22 @@ class ChangePasswordForm(BaseForm):
new_password = wtforms.PasswordField( new_password = wtforms.PasswordField(
_l("New password"), _l("New password"),
validators=[wtforms.validators.InputRequired()] validators=[
wtforms.validators.InputRequired(),
wtforms.validators.Length(min=10),
]
) )
new_password_confirm = wtforms.PasswordField( new_password_confirm = wtforms.PasswordField(
_l("Confirm new password"), _l("Confirm new password"),
validators=[wtforms.validators.InputRequired(), validators=[
wtforms.validators.InputRequired(),
wtforms.validators.EqualTo( wtforms.validators.EqualTo(
"new_password", "new_password",
_l("The new passwords must match.") _l("The new passwords must match.")
)] ),
wtforms.validators.Length(min=10),
]
) )
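Review bot: `wtforms.validators.Length(min=10)` on `new_password_confirm` enforces nothing that `EqualTo("new_password", ...)` and the length check on `new_password` do not already cover. For a short password it makes the form report the length error twice, once per field. Dropping that line from the confirm field's `validators` list leaves a single message next to the field the user has to fix. The class body starts before the hunk, so the validators on the current-password field are not visible here.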