def test_strength(self):
    """Check that the meter's score never drops along an ordered password list.

    The candidates are listed from weakest to strongest. Each adjacent pair
    is scored, and the later password must score at least as high as the
    earlier one.
    """
    meter = pwm.Meter()
    # Ordered weakest -> strongest; the assertion below relies on this order.
    passwords = (
        '',
        ' ',
        'password',
        'password1',
        'pssa',
        'pssawrd',
        'pss4wr',
        'pss4wr0d',
        'p$$4wr0d!',
        'p$$4WR0d!',
        'p$4$WR0d!',
        'my voice is my p$$4WR0d!',
        'mY voiCE is my p$$4WR0d!',
        'mY voiC3 !s m-y p$$4WR0d!',
    )
    for weaker, stronger in zip(passwords, passwords[1:]):
        weaker_score = meter.test(weaker)[0]
        stronger_score = meter.test(stronger)[0]
        self.assertLessEqual(
            weaker_score, stronger_score,
            'expected password "%s" (%f) to be as strong or stronger than "%s" (%f)'
            % (stronger, stronger_score, weaker, weaker_score))
def test_factorsAsList(self):
    """Factors can be passed as a list mixing a factor name and a factor class."""
    meter = pwm.Meter(settings=dict(factors=['length', TestFactor]))
    # Index 1 of the result holds the per-factor improvement messages.
    improvements = meter.test('short')[1]
    expected = {
        'test': 'test value is: short',
        'length': 'Increase the length of the password',
    }
    self.assertEqual(improvements, expected)
def test_factorsAsString(self):
    """Factors can be passed as one comma-separated string.

    The string combines a factor name ('length') with a dotted path to a
    factor class.
    """
    # NOTE(review): the dotted path is evidently resolved to a class at
    # runtime, so Meter settings should only come from trusted configuration,
    # never from request data.
    factor_spec = 'length,passwordmeter.test_passwordmeter.TestFactor'
    meter = pwm.Meter(settings=dict(factors=factor_spec))
    improvements = meter.test('short')[1]
    expected = {
        'test': 'test value is: short',
        'length': 'Increase the length of the password',
    }
    self.assertEqual(improvements, expected)
def test_supplementalFactor(self):
    """A factor declared through 'factor.<name>.*' settings shows up in the result.

    The 'test' factor is configured by class path and given a custom prefix.
    The improvement keys must then contain it alongside the other five
    factors listed in the assertion.
    """
    settings = {
        'factor.test.class': 'passwordmeter.test_passwordmeter.TestFactor',
        'factor.test.prefix': 'test value (with prefix) is',
    }
    outcome = pwm.Meter(settings=settings).test('short')
    improvements = outcome[1]
    self.assertEqual(
        sorted(improvements),
        ['casemix', 'charmix', 'length', 'notword', 'phrase', 'test'])
    self.assertEqual(improvements['test'], 'test value (with prefix) is: short')
def test_password(text):
    """Score *text* with passwordmeter, using the stored pass threshold.

    Returns a ``(strength, threshold, improvements)`` tuple. ``threshold`` is
    the ``pass_threshold`` setting converted to float; the other two values
    come straight from ``Meter.test``.

    This function only reports the score. It does not compare ``strength``
    with ``threshold``, so the caller must make the accept/reject decision.
    """
    # NOTE(review): the extent of this with-block is reconstructed from a
    # flattened listing; confirm it against the project source.
    with model.session_scope() as session:
        setting = config.get_setting(session, 'pass_threshold')
        # float() raises if the setting is missing or not numeric; nothing
        # here falls back to a default threshold.
        threshold = float(setting)
    # 'pessimism' and the casemix weight presumably tune how the factor
    # scores are combined -- TODO confirm against the passwordmeter docs.
    password_tester = passwordmeter.Meter(settings={
        'threshold': threshold,
        'pessimism': 10,
        'factor.casemix.weight': 0.3})
    strength, improvements = password_tester.test(text)
    return strength, threshold, improvements
def check_password_strength(password):
    """
    Rate a candidate password.

    A password on the common-password list is rejected outright with a score
    of 0; anything else is scored by passwordmeter's default factors.

    :param password: string password
    :return: a float from 0-1.0 representing password strength, and a list of
        suggestions for how to improve it
    """
    # The list lookup uses the lower-cased password, so case variants of a
    # listed password are rejected too. It runs before the meter.
    if most_common_pass.is_worst(password.lower()):
        return 0.0, ["This is one of the 10K most common passwords"]

    settings = dict(factors=passwordmeter.DEFAULT_FACTORS)
    strength, improvements = passwordmeter.Meter(settings=settings).test(password)
    return strength, elucidate_improvements(improvements)
def reset_password(token):
    """Handle a password-reset link: check the token, then store a new password.

    Aborts with 400 when ``check_token`` returns nothing for the token and
    redirects to the login view when no user has the token's e-mail.
    Otherwise it renders the reset form, re-renders it with an error when the
    password fails the strength policy, or renders the confirmation page
    after the new hash is committed.
    """
    email = check_token(token, current_app)
    if not email:
        # NOTE(review): the log text says "expired", but a falsy result may
        # also cover an invalid or tampered token -- confirm in check_token.
        current_app.logger.info("token has expired.")
        flash("Link has expired", "error")
        abort(400)

    form = SetPasswordForm()
    user = User.query.filter_by(email=email).first()
    if not user:
        return redirect(url_for("auth.login"))

    reset_page = "auth/reset_password.html"
    if not form.validate_on_submit():
        return render_template(reset_page, form=form, token=token, user=user)

    # Surrounding whitespace is removed before scoring and hashing, so the
    # stored password is the stripped value. The login path has to strip the
    # same way -- verify against the login handler.
    password = form.password.data.strip()
    meter = passwordmeter.Meter(settings={"factors": "length,variety,phrase,notword,casemix"})
    strength, _improvements = meter.test(password)
    stats = PasswordStats(password)

    # The policy combines the meter score with explicit checks: minimum
    # length 10, at most one sequence, and no weakness factor.
    too_weak = (
        strength < 0.7
        or stats.length < 10
        or stats.sequences_length > 1
        or stats.weakness_factor
    )
    if too_weak:
        flash(
            """Your password is too weak. It has to be at least 10 characters long and use a mix of numbers, special characters as well as upper and lowercase letters. Avoid using common patterns and repeated characters.""",
            "error",
        )
        # A fresh form is rendered so the rejected password is not echoed back.
        return render_template(reset_page, form=SetPasswordForm(), token=token, user=user)

    user.password = hash_password(password)
    db.session.commit()
    # NOTE(review): nothing here marks the token as used; whether check_token
    # enforces single use is not visible in this function -- confirm.
    # TODO send email notification of password reset?
    return render_template("auth/password_updated.html", form=form, token=token, user=user)
def confirm_account(token):
    """Confirm a new account from an e-mailed token and set its first password.

    Aborts with 400 when ``check_token`` returns nothing for the token and
    with 404 when no user has the token's e-mail. An account that is already
    active is redirected to the completion page. Otherwise the password form
    is rendered, or on a valid submission the account is activated, the
    password hash stored and the confirmation time recorded.
    """
    email = check_token(token, current_app)
    if not email:
        # NOTE(review): a falsy result may also cover an invalid token, not
        # only an expired one -- confirm in check_token.
        current_app.logger.info("token has expired.")
        flash("Link has expired", "error")
        abort(400)

    form = SetPasswordForm()
    user = User.query.filter_by(email=email).first()
    if not user:
        abort(404)

    if user.active:
        # An already-confirmed account cannot have its password set again
        # through this link.
        flash("Account already confirmed and password set")
        return redirect(url_for("register.completed", user_email=user.email))

    set_password_page = "register/set_account_password.html"
    if not form.validate_on_submit():
        return render_template(set_password_page, form=form, token=token, user=user)

    # The stored password is the stripped value; the login path has to strip
    # the same way -- verify against the login handler.
    password = form.password.data.strip()
    meter = passwordmeter.Meter(settings={"factors": "length,variety,phrase,notword,casemix"})
    strength, _improvements = meter.test(password)
    if strength < 0.7:
        # NOTE(review): the message mentions only character mix, while the
        # score also includes the length, phrase and notword factors.
        flash(
            "Your password is too weak. Use a mix of numbers as well as upper and lowercase letters",
            "error")
        return render_template(set_password_page, form=SetPasswordForm(), token=token, user=user)

    user.active = True
    user.password = hash_password(password)
    # utcnow() yields a naive datetime holding UTC.
    user.confirmed_at = datetime.datetime.utcnow()
    db.session.add(user)
    db.session.commit()
    return redirect(url_for("register.completed", user_email=user.email))
def reset_password(token):
    """Handle a password-reset link: check the token, then store a new password.

    Aborts with 400 when ``check_token`` returns nothing for the token and
    redirects to the login view when no user has the token's e-mail.
    Otherwise it renders the reset form, re-renders it with an error when the
    meter scores the password below 0.7, or renders the confirmation page
    after the new hash is committed.
    """
    email = check_token(token, current_app)
    if not email:
        current_app.logger.info("token has expired.")
        flash("Link has expired", "error")
        abort(400)

    form = SetPasswordForm()
    account = User.query.filter_by(email=email).first()
    if not account:
        return redirect(url_for("auth.login"))

    template = "auth/reset_password.html"
    if not form.validate_on_submit():
        return render_template(template, form=form, token=token, user=account)

    # The stored password is the stripped value; the login path has to strip
    # the same way -- verify against the login handler.
    new_password = form.password.data.strip()
    factors = "length,variety,phrase,notword,casemix"
    score, _hints = passwordmeter.Meter(settings=dict(factors=factors)).test(new_password)
    if score < 0.7:
        # NOTE(review): the meter score is the only strength gate here; no
        # explicit minimum length is enforced apart from the 'length' factor.
        flash(
            "Your password is too weak. Use a mix of numbers as well as upper and lowercase letters",
            "error")
        return render_template(template, form=SetPasswordForm(), token=token, user=account)

    account.password = hash_password(new_password)
    db.session.add(account)
    db.session.commit()
    # NOTE(review): nothing here marks the token as used; whether check_token
    # enforces single use is not visible in this function -- confirm.
    # TODO send email notification of password reset?
    return render_template("auth/password_updated.html", form=form, token=token, user=account)
import passwordmeter
from src.services.main import *

data_service = DataService()
# Only the 'length' and 'charmix' factors feed the score used below.
password_checker = passwordmeter.Meter(settings=dict(factors='length,charmix'))


def check_registration_input(user_name, password, re_entered_password):
    """Validate registration input and return a list of numbered error strings.

    Checks, in order: user name length (at least 5), user name uniqueness,
    password strength (meter score of at least 0.7) and that both password
    entries match. An empty list means the input passed every check.
    """
    problems = []
    name_taken = data_service.check_if_user_name_exists(user_name)
    score, _hints = password_checker.test(password)

    def report(text):
        # Each message is prefixed with its 1-based position in the list.
        problems.append(str(len(problems) + 1) + text)

    if len(user_name) < 5:
        report('. User Name must contain atleast 5 characters.')
    if name_taken:
        report('. User Name already exists.')
    if score < 0.7:
        report('. Password too weak. Try a strong password.')
    if password != re_entered_password:
        report('. Password and Re-entered password do not match.')
    return problems
def test_notword(self):
    """With 'notword' as the only factor, a plain word scores 0 and a non-word scores 1."""
    cases = (
        ('password', 0),
        ('not0klsd@#$', 1),
    )
    for candidate, expected_score in cases:
        meter = pwm.Meter(settings=dict(factors='notword'))
        self.assertEqual(meter.test(candidate)[0], expected_score)
# -*- encoding:utf-8 -*- from flask_mongoengine.wtf import model_form from flask_login import current_user from flask_babel import lazy_gettext, gettext from wtforms import ValidationError from wtforms.fields.html5 import EmailField from erks.utils import password_hash from .models import User from erks.utils.form.validators import image_file_validator import wtforms as wtf import passwordmeter from erks.erks_bps.project_group.models import ProjectGroup pmeter = passwordmeter.Meter(settings=dict(factors='charmix')) class BaseHtmlMixIn(object): def base_html(self): project_group = ProjectGroup.objects.get(slug='default') if project_group and project_group.has_theme(): return 'theme/{theme_key}/base_{theme_key}.html'.format( theme_key=project_group.theme_key) else: return "base.html" # def theme_page(self, page): # project_group = ProjectGroup.objects.get(slug='default') # if project_group and project_group.has_theme(): # return 'theme/{theme_key}/{page}_{theme_key}.html'.format(page=page, theme_key=project_group.theme_key)
#import dependancies import uuid import passwordmeter import datetime import jwt from flask import request from werkzeug.security import generate_password_hash, check_password_hash from webapi.helper_functions import check_registration_input, check_password_reset meter = passwordmeter.Meter(settings=dict(factors='length')) def register_helper(User): status_code = 500 statement = {} username = request.data['username'].strip() email = request.data['email'].strip() password = request.data['password'].strip() if check_registration_input(username, email, password): status_code = 400 statement = (check_registration_input(username, email, password)) else: password_strength, improvements = meter.test(password) if password_strength < 0.5: status_code = 400 statement = { "message": "At least 6 characters required for password" } else: