def _validate_password(password, username=None, email=None):
    """Validate the format of the user's password.

    Passwords cannot be the same as the username of the account, so a
    throwaway ``User`` built from ``username`` and ``email`` is handed to the
    validators for comparison. That object is never saved.

    Arguments:
        password (unicode): The proposed password.
        username (unicode): The username associated with the user's account.
        email (unicode): The email associated with the user's account.

    Returns:
        None

    Raises:
        errors.AccountPasswordInvalid: the password is not a string, or at
            least one configured validator rejected it.

    """
    try:
        _validate_type(password, six.string_types, accounts.PASSWORD_BAD_TYPE_MSG)
        # Only build the unsaved user when a username is available; the
        # validators otherwise receive ``user=None``.
        candidate_user = None
        if username:
            candidate_user = User(username=username, email=email)
        validate_password(password, user=candidate_user)
    except errors.AccountDataBadType as bad_type_err:
        raise errors.AccountPasswordInvalid(text_type(bad_type_err))
    except ValidationError as validator_err:
        # Every validator message is folded into one human-readable string so
        # the caller sees all failures at once rather than only the first.
        combined_message = ' '.join(validator_err.messages)
        raise errors.AccountPasswordInvalid(combined_message)
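def _validate_password(password, username=None):
    """Validate the format of the user's password.

    Passwords cannot be the same as the username of the account,
    so we take `username` as an argument.

    Arguments:
        password (unicode): The proposed password.
        username (unicode): The username associated with the user's account.

    Returns:
        None

    Raises:
        errors.AccountPasswordInvalid: the password is not a string, or the
            password validators rejected it.

    """
    try:
        _validate_type(password, basestring, accounts.PASSWORD_BAD_TYPE_MSG)

        validate_password(password, username=username)
    except errors.AccountDataBadType as invalid_password_err:
        raise errors.AccountPasswordInvalid(text_type(invalid_password_err))
    except ValidationError as validation_err:
        # ``ValidationError.message`` is only set when the error was raised with a
        # single string; an error built from a list of messages has no such
        # attribute and the original ``validation_err.message`` would turn a
        # validation failure into an AttributeError. ``messages`` is always
        # populated, so join it the same way the other variants of this
        # function do.
        raise errors.AccountPasswordInvalid(' '.join(validation_err.messages))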
def _validate_password(password, username=None):
    """Validate the format of the user's password.

    Passwords cannot be the same as the username of the account,
    so we take `username` as an argument.

    Arguments:
        password (unicode): The proposed password.
        username (unicode): The username associated with the user's account.

    Returns:
        None

    Raises:
        errors.AccountPasswordInvalid: the password is not a string, is empty,
            falls outside the configured length bounds, or conflicts with the
            username.

    """
    try:
        _validate_type(password, basestring, accounts.PASSWORD_BAD_TYPE_MSG)

        # Length is checked in order of severity: empty, too short, too long.
        length = len(password)
        if not length:
            raise errors.AccountPasswordInvalid(accounts.PASSWORD_EMPTY_MSG)
        if length < accounts.PASSWORD_MIN_LENGTH:
            raise errors.AccountPasswordInvalid(accounts.PASSWORD_BAD_MIN_LENGTH_MSG)
        if length > accounts.PASSWORD_MAX_LENGTH:
            raise errors.AccountPasswordInvalid(accounts.PASSWORD_BAD_MAX_LENGTH_MSG)

        _validate_password_works_with_username(password, username)
    except (errors.AccountDataBadType, errors.AccountDataBadLength) as bad_data_err:
        # NOTE(review): the AccountPasswordInvalid raised above propagates
        # unchanged unless it subclasses one of the caught types — confirm
        # against the errors module.
        raise errors.AccountPasswordInvalid(text_type(bad_data_err))
def _validate_password(password,
                       username=None,
                       email=None,
                       reset_password_page=False):
    """Validate the format of the user's password.

    Passwords cannot be the same as the username of the account, so a
    throwaway ``User`` built from ``username`` and ``email`` is handed to the
    validators for comparison. That object is never saved.

    After the format checks, the password may additionally be screened
    against the Have I Been Pwned (HIBP) data when the relevant policy
    setting is enabled for the submitting page.

    Arguments:
        password (unicode): The proposed password.
        username (unicode): The username associated with the user's account.
        email (unicode): The email associated with the user's account.
        reset_password_page (bool): The flag that determines the validation page.

    Returns:
        None

    Raises:
        errors.AccountPasswordInvalid: the password is not a string, a
            validator rejected it, or it is known to be compromised.

    """
    try:
        _validate_type(password, str, accounts.PASSWORD_BAD_TYPE_MSG)
        candidate_user = User(username=username, email=email) if username else None
        validate_password(password, user=candidate_user)
    except errors.AccountDataBadType as bad_type_err:
        raise errors.AccountPasswordInvalid(str(bad_type_err))
    except ValidationError as validator_err:
        raise errors.AccountPasswordInvalid(' '.join(validator_err.messages))

    # Which HIBP policy switch applies depends on the page that submitted
    # the password.
    if reset_password_page:
        hibp_enabled = settings.ENABLE_AUTHN_RESET_PASSWORD_HIBP_POLICY
    else:
        hibp_enabled = settings.ENABLE_AUTHN_REGISTER_HIBP_POLICY
    if not hibp_enabled:
        return

    pwned_response = check_pwned_password(password)
    if pwned_response.get('vulnerability', 'no') != 'yes':
        return

    # On the reset page any known-compromised password is rejected; on the
    # registration path the breach count must also reach the configured
    # threshold. A response without 'frequency' counts as 0 breaches and
    # therefore passes the registration check.
    breach_count = pwned_response.get('frequency', 0)
    if (reset_password_page
            or breach_count >= settings.HIBP_REGISTRATION_PASSWORD_FREQUENCY_THRESHOLD):
        raise errors.AccountPasswordInvalid(accounts.AUTHN_PASSWORD_COMPROMISED_MSG)
def _validate_password(password,
                       username=None,
                       email=None,
                       reset_password_page=False):
    """Validate the format of the user's password.

    Passwords cannot be the same as the username of the account, so a
    throwaway ``User`` built from ``username`` and ``email`` is handed to the
    validators for comparison. That object is never saved.

    Arguments:
        password (unicode): The proposed password.
        username (unicode): The username associated with the user's account.
        email (unicode): The email associated with the user's account.
        reset_password_page (bool): The flag that determines the validation page.

    Returns:
        None

    Raises:
        errors.AccountPasswordInvalid: the password is not a string, a
            validator rejected it, or (on the reset page, when the HIBP
            policy is enabled) it is known to be compromised.

    """
    try:
        _validate_type(password, str, accounts.PASSWORD_BAD_TYPE_MSG)
        candidate_user = User(username=username, email=email) if username else None
        validate_password(password, user=candidate_user)
    except errors.AccountDataBadType as bad_type_err:
        raise errors.AccountPasswordInvalid(str(bad_type_err))
    except ValidationError as validator_err:
        raise errors.AccountPasswordInvalid(' '.join(validator_err.messages))

    # TODO: VAN-666 - Restrict this feature to reset password page for now until it is
    #  enabled on account sign in and register.
    if not reset_password_page:
        return
    if not settings.ENABLE_AUTHN_RESET_PASSWORD_HIBP_POLICY:
        return

    # Any password the HIBP lookup reports as compromised is rejected outright
    # on the reset page; a response without 'vulnerability' is treated as clean.
    pwned_response = check_pwned_password(password)
    if pwned_response.get('vulnerability', 'no') == 'yes':
        raise errors.AccountPasswordInvalid(accounts.AUTHN_PASSWORD_COMPROMISED_MSG)
def _validate_password_works_with_username(password, username=None):
    """Reject a password that is unacceptable in combination with its username.

    The only check performed here is an exact, case-sensitive equality test
    between the two values; a missing username never matches.

    :param password: The proposed password (unicode).
    :param username: The username associated with the user's account (unicode).
    :return: None
    :raises: errors.AccountPasswordInvalid when the password equals the username.
    """
    matches_username = password == username
    if matches_username:
        raise errors.AccountPasswordInvalid(accounts.PASSWORD_CANT_EQUAL_USERNAME_MSG)  # lint-amnesty, pylint: disable=no-member