def validate_password(password):
pattern = CONF.security_compliance.password_regex
if pattern:
if not isinstance(password, six.string_types):
detail = _("Password must be a string type")
raise exception.PasswordValidationError(detail=detail)
try:
if not re.match(pattern, password):
pattern_desc = (
CONF.security_compliance.password_regex_description)
raise exception.PasswordRequirementsValidationError(
detail=pattern_desc)
except re.error:
msg = ("Unable to validate password due to invalid regular "
"expression - password_regex: ")
LOG.error(msg, pattern)
detail = _("Unable to validate password due to invalid "
"configuration")
raise exception.PasswordValidationError(detail=detail)
def _validate_password_history(self, password, user_ref):
unique_cnt = CONF.security_compliance.unique_last_password_count
# Slice off all of the extra passwords.
user_ref.local_user.passwords = (
user_ref.local_user.passwords[-unique_cnt:])
# Validate the new password against the remaining passwords.
if unique_cnt > 1:
for password_ref in user_ref.local_user.passwords:
if utils.check_password(password, password_ref.password):
detail = _('The new password cannot be identical to a '
'previous password. The number of previous '
'passwords that must be unique is: '
'%(unique_cnt)d') % {'unique_cnt': unique_cnt}
raise exception.PasswordValidationError(detail=detail)
