mirror of
https://github.com/matrix-org/dendrite.git
synced 2025-12-07 06:53:09 -06:00
Update validate.go
This commit is contained in:
Srinjoy Sen Chowdhury
GitHub
parent
f3aef111d7
commit
72369a85a4
|
|
@ -28,98 +28,47 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
minPasswordLength = 8 // Minimum password length
|
maxUsernameLength = 254 // https://spec.matrix.org/v1.7/appendices/#user-identifiers TODO account for domain
|
||||||
maxPasswordLength = 512 // Maximum password length
|
|
||||||
maxUsernameLength = 254 // Maximum username length
|
minPasswordLength = 8 // http://matrix.org/docs/spec/client_server/r0.2.0.html#password-based
|
||||||
sessionIDLength = 24 // Session ID length
|
maxPasswordLength = 512 // https://github.com/matrix-org/synapse/blob/v0.20.0/synapse/rest/client/v2_alpha/register.py#L161
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
ErrPasswordTooLong = errors.New("password is too long")
|
ErrPasswordTooLong = fmt.Errorf("password too long: max %d characters", maxPasswordLength)
|
||||||
ErrPasswordWeak = errors.New("password does not meet the strength requirements")
|
ErrPasswordWeak = fmt.Errorf("password too weak: min %d characters", minPasswordLength)
|
||||||
ErrUsernameTooLong = fmt.Errorf("username exceeds the maximum length of %d characters", maxUsernameLength)
|
ErrUsernameTooLong = fmt.Errorf("username exceeds the maximum length of %d characters", maxUsernameLength)
|
||||||
ErrUsernameInvalid = errors.New("username can only contain characters a-z, 0-9, or '_+-./='")
|
ErrUsernameInvalid = errors.New("username can only contain characters a-z, 0-9, or '_+-./='")
|
||||||
ErrUsernameUnderscore = errors.New("username cannot start with a '_'")
|
ErrUsernameUnderscore = errors.New("username cannot start with a '_'")
|
||||||
validUsernameRegex = regexp.MustCompile(`^[0-9a-z_\-+=./]+$`)
|
validUsernameRegex = regexp.MustCompile(`^[0-9a-z_\-+=./]+$`)
|
||||||
)
|
)
|
||||||
|
|
||||||
// PasswordConfig defines the configurable parameters for password validation
|
// ValidatePassword returns an error if the password is invalid
|
||||||
type PasswordConfig struct {
|
func ValidatePassword(password string) error {
|
||||||
MinLength int `yaml:"min_length"`
|
// https://github.com/matrix-org/synapse/blob/v0.20.0/synapse/rest/client/v2_alpha/register.py#L161
|
||||||
MaxLength int `yaml:"max_length"`
|
if len(password) > maxPasswordLength {
|
||||||
RequireUppercase bool `yaml:"require_uppercase"`
|
|
||||||
RequireLowercase bool `yaml:"require_lowercase"`
|
|
||||||
RequireDigit bool `yaml:"require_digit"`
|
|
||||||
RequireSpecial bool `yaml:"require_special"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Default password config
|
|
||||||
var defaultPasswordConfig = PasswordConfig{
|
|
||||||
MinLength: minPasswordLength,
|
|
||||||
MaxLength: maxPasswordLength,
|
|
||||||
RequireUppercase: true,
|
|
||||||
RequireLowercase: true,
|
|
||||||
RequireDigit: true,
|
|
||||||
RequireSpecial: true,
|
|
||||||
}
|
|
||||||
|
|
||||||
// ValidatePassword returns an error if the password is invalid according to the config
|
|
||||||
func ValidatePassword(password string, config PasswordConfig) error {
|
|
||||||
if len(password) > config.MaxLength {
|
|
||||||
return ErrPasswordTooLong
|
return ErrPasswordTooLong
|
||||||
} else if len(password) < config.MinLength {
|
} else if len(password) > 0 && len(password) < minPasswordLength {
|
||||||
return ErrPasswordWeak
|
return ErrPasswordWeak
|
||||||
}
|
}
|
||||||
|
|
||||||
var hasUppercase, hasLowercase, hasDigit, hasSpecial bool
|
|
||||||
for _, char := range password {
|
|
||||||
switch {
|
|
||||||
case unicode.IsUpper(char):
|
|
||||||
hasUppercase = true
|
|
||||||
case unicode.IsLower(char):
|
|
||||||
hasLowercase = true
|
|
||||||
case unicode.IsDigit(char):
|
|
||||||
hasDigit = true
|
|
||||||
case unicode.IsPunct(char) || unicode.IsSymbol(char):
|
|
||||||
hasSpecial = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if config.RequireUppercase && !hasUppercase {
|
|
||||||
return ErrPasswordWeak
|
|
||||||
}
|
|
||||||
if config.RequireLowercase && !hasLowercase {
|
|
||||||
return ErrPasswordWeak
|
|
||||||
}
|
|
||||||
if config.RequireDigit && !hasDigit {
|
|
||||||
return ErrPasswordWeak
|
|
||||||
}
|
|
||||||
if config.RequireSpecial && !hasSpecial {
|
|
||||||
return ErrPasswordWeak
|
|
||||||
}
|
|
||||||
|
|
||||||
// Sidecar: Log the password validation attempt (placeholder)
|
|
||||||
sidecarLogPasswordValidation(password)
|
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Sidecar function to log password validation attempts
|
// PasswordResponse returns a util.JSONResponse for a given error, if any.
|
||||||
func sidecarLogPasswordValidation(password string) {
|
func PasswordResponse(err error) *util.JSONResponse {
|
||||||
// Placeholder for sidecar logging
|
switch err {
|
||||||
fmt.Println("Sidecar log: Password validation attempted")
|
case ErrPasswordWeak:
|
||||||
}
|
return &util.JSONResponse{
|
||||||
|
Code: http.StatusBadRequest,
|
||||||
func main() {
|
JSON: spec.WeakPassword(ErrPasswordWeak.Error()),
|
||||||
// Example usage
|
|
||||||
password := "P@ssw0rd"
|
|
||||||
err := ValidatePassword(password, defaultPasswordConfig)
|
|
||||||
if err != nil {
|
|
||||||
fmt.Println("Password validation failed:", err)
|
|
||||||
} else {
|
|
||||||
fmt.Println("Password is valid")
|
|
||||||
}
|
}
|
||||||
|
case ErrPasswordTooLong:
|
||||||
|
return &util.JSONResponse{
|
||||||
|
Code: http.StatusBadRequest,
|
||||||
|
JSON: spec.BadJSON(ErrPasswordTooLong.Error()),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ValidateUsername returns an error if the username is invalid
|
// ValidateUsername returns an error if the username is invalid
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue