main
Florent Daigniere 2 years ago
parent 5d314c49ae
commit 66250e396c

@ -1,4 +1,4 @@
from mailu import models
from mailu import models, utils
from mailu.ui import ui, forms, access
from flask import current_app as app
@ -93,12 +93,8 @@ def domain_signup(domain_name=None):
del form.pw
del form.pw2
if form.validate_on_submit():
if not flask_login.current_user.is_authenticated and len(form.pw.data) < 8:
flask.flash("This password is too short.", "error")
return flask.render_template('domain/signup.html', form=form)
breaches = int(form.pwned.data)
if breaches > 0:
flask.flash(f"This password appears in {breaches} data breaches! Please change it.", "error")
if msg := utils.isBadOrPwned(form):
flask.flash(msg, "error")
return flask.render_template('domain/signup.html', form=form)
conflicting_domain = models.Domain.query.get(form.name.data)
conflicting_alternative = models.Alternative.query.get(form.name.data)

@ -1,4 +1,4 @@
from mailu import models
from mailu import models, utils
from mailu.ui import ui, access, forms
from flask import current_app as app
@ -28,13 +28,8 @@ def user_create(domain_name):
form.quota_bytes.validators = [
wtforms.validators.NumberRange(max=domain.max_quota_bytes)]
if form.validate_on_submit():
if len(form.pw.data) < 8:
flask.flash("This password is too short.", "error")
return flask.render_template('user/create.html',
domain=domain, form=form)
breaches = int(form.pwned.data)
if breaches > 0:
flask.flash(f"This password appears in {breaches} data breaches! Please change it.", "error")
if msg := utils.isBadOrPwned(form):
flask.flash(msg, "error")
return flask.render_template('user/create.html',
domain=domain, form=form)
if domain.has_email(form.localpart.data):
@ -69,13 +64,8 @@ def user_edit(user_email):
form.quota_bytes.validators = [
wtforms.validators.NumberRange(max=max_quota_bytes)]
if form.validate_on_submit():
if len(form.pw.data) < 8:
flask.flash("This password is too short.", "error")
return flask.render_template('user/edit.html', form=form, user=user,
domain=user.domain, max_quota_bytes=max_quota_bytes)
breaches = int(form.pwned.data)
if breaches > 0:
flask.flash(f"This password appears in {breaches} data breaches! Please change it.", "error")
if msg := utils.isBadOrPwned(form):
flask.flash(msg, "error")
return flask.render_template('user/edit.html', form=form, user=user,
domain=user.domain, max_quota_bytes=max_quota_bytes)
form.populate_obj(user)
@ -137,12 +127,8 @@ def user_password(user_email):
if form.pw.data != form.pw2.data:
flask.flash('Passwords do not match', 'error')
else:
if len(form.pw.data) < 8:
flask.flash("This password is too short.", "error")
return flask.render_template('user/password.html', form=form, user=user)
breaches = int(form.pwned.data)
if breaches > 0:
flask.flash(f"This password appears in {breaches} data breaches! Please change it.", "error")
if msg := utils.isBadOrPwned(form):
flask.flash(msg, "error")
return flask.render_template('user/password.html', form=form, user=user)
flask.session.regenerate()
user.set_password(form.pw.data)
@ -195,12 +181,8 @@ def user_signup(domain_name=None):
if domain.has_email(form.localpart.data) or models.Alias.resolve(form.localpart.data, domain_name):
flask.flash('Email is already used', 'error')
else:
if len(form.pw.data) < 8:
flask.flash("This password is too short.", "error")
return flask.render_template('user/signup.html', domain=domain, form=form)
breaches = int(form.pwned.data)
if breaches > 0:
flask.flash(f"This password appears in {breaches} data breaches! Please change it.", "error")
if msg := utils.isBadOrPwned(form):
flask.flash(msg, "error")
return flask.render_template('user/signup.html', domain=domain, form=form)
flask.session.regenerate()
user = models.User(domain=domain)

@ -507,3 +507,14 @@ def gen_temp_token(email, session):
app.config['PERMANENT_SESSION_LIFETIME'],
)
return token
def isBadOrPwned(form):
try:
if len(form.pw.data) < 8:
return "This password is too short."
breaches = int(form.pwned.data)
except ValueError:
breaches = -1
if breaches > 0:
return f"This password appears in {breaches} data breaches! It is not unique; please change it."
return None

Loading…
Cancel
Save