diff MoinMoin/config/multiconfig.py @ 2431:58260d360f5c

password_checker (simple builtin test, optionally using python-crack lib)
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Fri, 20 Jul 2007 03:46:38 +0200
parents 5d1c31b0c6b5
children 81afe010284f
--- a/MoinMoin/config/multiconfig.py	Fri Jul 20 00:57:57 2007 +0200
+++ b/MoinMoin/config/multiconfig.py	Fri Jul 20 03:46:38 2007 +0200
@@ -433,6 +433,51 @@
         'view':        ({}, _("View"), "view"),
         }
 
+
+    def password_checker(username, password):
+        """ Check if a password is secure enough.
+            First (and in any case), we use a built-in check to get rid of the
+            worst passwords. If there is cracklib installed, we use it for
+            additional checks.
+            If you don't want to check passwords, use password_checker = None.
+
+            @return: None if there is no problem with the password,
+                     some string with an error msg, if the password is problematic.
+        """
+        try:
+            # in any case, do a very simple built-in check to avoid the worst passwords
+            if len(password) < 6:
+                raise ValueError("Password too short!")
+
+            username_lower = username.lower()
+            password_lower = password.lower()
+            if username in password or password in username or \
+               username_lower in password_lower or password_lower in username_lower:
+                raise ValueError("Password too easy (containment)")
+
+            keyboards = (ur"`1234567890-=qwertyuiop[]\asdfghjkl;'zxcvbnm,./", # US kbd
+                        ) # add more keyboards!
+            for kbd in keyboards:
+                rev_kbd = kbd[::-1]
+                if password in kbd or password in rev_kbd or \
+                   password_lower in kbd or password_lower in rev_kbd:
+                    raise ValueError("Password too easy (kbd sequence)")
+            try:
+                # to use advanced checking, you need to install python-crack,
+                # cracklib-runtime (dict processing) and do not forget to
+                # initialize the crack dicts!
+                import crack
+                # instead of some "old password" we give the username to check
+                # whether the password is too similar to the username
+                crack.VeryFascistCheck(password, username) # raises ValueError on bad passwords
+            except ImportError:
+                pass
+            return None
+        except ValueError, err:
+            return str(err)
+
+    password_checker = staticmethod(password_checker)
+
     quicklinks_default = [] # preload user quicklinks with this page list
     refresh = None # (minimum_delay, type), e.g.: (2, 'internal')
     rss_cache = 60 # suggested caching time for RecentChanges RSS, in seconds
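Review bot: The containment test starting at `if username in password or password in username or \` has no guard on the username, so an empty username makes `username in password` true for every password, and a one- or two-character username rejects any password that merely contains those characters. Guarding the test, for example `if username_lower and (username_lower in password_lower or password_lower in username_lower):`, keeps the intent and removes the false rejections; the case-sensitive pair then looks redundant. Separately, `except ImportError: pass` silently falls back to the built-in checks, which accept any password of six or more characters that is neither a keyboard run nor related to the username, so an admin cannot tell which policy is in force. A one-time log message when `crack` is missing would make that visible. Whether `crack.VeryFascistCheck` can raise something other than `ValueError` when its dictionaries are not initialised is not visible here and should be confirmed, since only `ValueError` is turned into a message.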