def password_empty_test(self):
"""Check if quality of an empty password is reported correctly."""
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = ""
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertEqual(check.result.password_score,
1) # empty password is fine with emptyok policy
self.assertEqual(check.result.status_text,
_(constants.PasswordStatus.EMPTY.value))
self.assertEqual(check.result.password_quality, 0)
self.assertIsNotNone(check.result.error_message)
# empty password should override password-too-short messages
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.minlen = 10
request.password = ""
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertEqual(check.result.password_score, 1)
self.assertEqual(check.result.status_text,
_(constants.PasswordStatus.EMPTY.value))
self.assertEqual(check.result.password_quality, 0)
self.assertIsNotNone(check.result.error_message)
def password_empty_ok_test(self):
"""Check if the empty_ok flag works correctly."""
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.emptyok = True
request.password = ""
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertEqual(check.result.password_score, 1)
self.assertEqual(check.result.status_text,
_(constants.PasswordStatus.EMPTY.value))
self.assertEqual(check.result.password_quality, 0)
self.assertIsNotNone(check.result.error_message)
# empty_ok with password length
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.emptyok = True
request.policy.minlen = 10
request.password = ""
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertEqual(check.result.password_score, 1)
self.assertEqual(check.result.status_text,
_(constants.PasswordStatus.EMPTY.value))
self.assertEqual(check.result.password_quality, 0)
self.assertIsNotNone(check.result.error_message)
# non-empty passwords that are too short should still get a score of 0 & the "too short" message
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.emptyok = True
request.policy.minlen = 10
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertEqual(check.result.password_score, 0)
self.assertEqual(check.result.status_text,
_(constants.PasswordStatus.TOO_SHORT.value))
self.assertEqual(check.result.password_quality, 0)
self.assertIsNotNone(check.result.error_message)
# also check a long-enough password, just in case
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.emptyok = True
request.policy.minlen = 10
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertEqual(check.result.password_score, 1)
self.assertEqual(check.result.status_text,
_(constants.PasswordStatus.WEAK.value))
self.assertEqual(check.result.password_quality, 0)
self.assertIsNotNone(check.result.error_message)
def test_password_empty_ok(self):
"""Check if the empty_ok flag works correctly."""
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.allow_empty = True
request.password = ""
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.password_score == 1
assert check.result.status_text == _(
constants.SecretStatus.EMPTY.value)
assert check.result.password_quality == 0
assert check.result.error_message is not None
# empty_ok with password length
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.allow_empty = True
request.policy.min_length = 10
request.password = ""
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.password_score == 1
assert check.result.status_text == _(
constants.SecretStatus.EMPTY.value)
assert check.result.password_quality == 0
assert check.result.error_message is not None
# non-empty passwords that are too short should still get a score of 0 & the "too short" message
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.allow_empty = True
request.policy.min_length = 10
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.password_score == 0
assert check.result.status_text == _(
constants.SecretStatus.TOO_SHORT.value)
assert check.result.password_quality == 0
assert check.result.error_message is not None
# also check a long-enough password, just in case
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.allow_empty = True
request.policy.min_length = 10
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.password_score == 1
assert check.result.status_text == _(constants.SecretStatus.WEAK.value)
assert check.result.password_quality == 0
assert check.result.error_message is not None
def _validate_password(self, password, confirm):
"""Validate and process user password."""
if password != confirm:
self._report(
_(constants.SECRET_CONFIRM_ERROR_TUI[self._secret_type]))
return None
# If an empty password was provided, unset the value
if not password:
return ""
# prepare a password validation request
password_check_request = input_checking.PasswordCheckRequest()
password_check_request.password = password
password_check_request.password_confirmation = ""
password_check_request.policy = self._policy
# validate the password
password_check = input_checking.PasswordValidityCheck()
password_check.run(password_check_request)
# if the score is equal to 0 and we have an error message set
if not password_check.result.password_score and password_check.result.error_message:
self._report(password_check.result.error_message)
return None
if password_check.result.password_quality < self._policy.min_quality:
if self._policy.is_strict:
done_msg = ""
else:
done_msg = _("\nWould you like to use it anyway?")
if password_check.result.error_message:
weak_prefix = _(
constants.SECRET_WEAK_WITH_ERROR[self._secret_type])
error = "{} {} {}".format(weak_prefix,
password_check.result.error_message,
done_msg)
else:
weak_prefix = _(constants.SECRET_WEAK[self._secret_type])
error = "{} {}".format(weak_prefix, done_msg)
if not self._policy.is_strict:
question_window = YesNoDialog(error)
ScreenHandler.push_screen_modal(question_window)
if not question_window.answer:
return None
else:
self._report(error)
return None
if any(char not in constants.PW_ASCII_CHARS for char in password):
self._report(_(constants.SECRET_ASCII[self._secret_type]))
return self._process_password(password)
def password_length_test(self):
"""Check if minimal password length is checked properly."""
# first check if the default minimal password length is checked correctly
# (should be 6 characters at the moment)
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertEqual(check.result.password_score, 0)
self.assertEqual(check.result.status_text,
_(constants.PasswordStatus.TOO_SHORT.value))
# weak but long enough
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertEqual(check.result.password_score, 1)
self.assertEqual(check.result.status_text,
_(constants.PasswordStatus.WEAK.value))
# check if setting password length works correctly
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.minlen = 10
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertEqual(check.result.password_score, 0)
self.assertEqual(check.result.status_text,
_(constants.PasswordStatus.TOO_SHORT.value))
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.minlen = 10
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertGreater(check.result.password_score, 0)
self.assertNotEqual(check.result.status_text,
_(constants.PasswordStatus.TOO_SHORT.value))
def test_password_length(self):
"""Check if minimal password length is checked properly."""
# first check if the default minimal password length is checked correctly
# (should be 6 characters at the moment)
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.password_score == 0
assert check.result.status_text == _(
constants.SecretStatus.TOO_SHORT.value)
# weak but long enough
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.password_score == 1
assert check.result.status_text == _(constants.SecretStatus.WEAK.value)
# check if setting password length works correctly
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.min_length = 10
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.password_score == 0
assert check.result.status_text == _(
constants.SecretStatus.TOO_SHORT.value)
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.min_length = 10
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.password_score > 0
assert check.result.status_text != _(
constants.SecretStatus.TOO_SHORT.value)
def test_password_empty(self):
"""Check if quality of an empty password is reported correctly."""
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = ""
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.password_score == 1 # empty password is fine with emptyok policy
assert check.result.status_text == _(
constants.SecretStatus.EMPTY.value)
assert check.result.password_quality == 0
assert check.result.error_message is not None
# empty password should override password-too-short messages
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.min_length = 10
request.password = ""
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.password_score == 1
assert check.result.status_text == _(
constants.SecretStatus.EMPTY.value)
assert check.result.password_quality == 0
assert check.result.error_message is not None
def password_quality_test(self):
"""Check if libpwquality gives reasonable numbers & score is assigned correctly."""
# " " should give score 0 (<6 chars) & quality 0
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertEqual(check.result.password_score, 0)
self.assertEqual(check.result.status_text, _(constants.SecretStatus.TOO_SHORT.value))
self.assertEqual(check.result.password_quality, 0)
self.assertIsNotNone(check.result.error_message)
# "anaconda" is a dictionary word
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertGreater(check.result.password_score, 0)
self.assertNotEqual(check.result.status_text, _(constants.SecretStatus.EMPTY.value))
self.assertNotEqual(check.result.status_text, _(constants.SecretStatus.TOO_SHORT.value))
self.assertEqual(check.result.password_quality, 0)
self.assertIsNotNone(check.result.error_message)
# "jelenovipivonelej" is a palindrome
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertGreater(check.result.password_score, 0)
self.assertNotEqual(check.result.status_text, _(constants.SecretStatus.EMPTY.value))
self.assertNotEqual(check.result.status_text, _(constants.SecretStatus.TOO_SHORT.value))
self.assertEqual(check.result.password_quality, 0)
self.assertIsNotNone(check.result.error_message)
# "4naconda-" gives a quality of 27 on RHEL7
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertIs(check.result.error_message, "")
# "4naconda----" gives a quality of 52 on RHEL7
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertIs(check.result.error_message, "")
# "----4naconda----" gives a quality of 80 on RHEL7
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
self.assertIs(check.result.error_message, "")
# "?----4naconda----?" gives a quality of 100 on RHEL7
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
# this should (hopefully) give quality 100 everywhere
self.assertEqual(check.result.password_score, 4) # quality > 90
self.assertEqual(check.result.status_text, _(constants.SecretStatus.STRONG.value))
self.assertEqual(check.result.password_quality, 100)
self.assertIs(check.result.error_message, "")
# a long enough strong password with minlen set
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.minlen = 10
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
# this should (hopefully) give quality 100 everywhere
self.assertEqual(check.result.password_score, 4) # quality > 90
self.assertEqual(check.result.status_text, _(constants.SecretStatus.STRONG.value))
self.assertEqual(check.result.password_quality, 100)
self.assertIs(check.result.error_message, "")
# minimum password length overrides strong passwords for score and status
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.minlen = 30
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
# this should (hopefully) give quality 100 everywhere
self.assertEqual(check.result.password_score, 0) # too short
self.assertEqual(check.result.status_text, _(constants.SecretStatus.TOO_SHORT.value))
self.assertEqual(check.result.password_quality, 0) # dependent on password length
self.assertIs(check.result.error_message,
_(constants.SECRET_TOO_SHORT[constants.SecretType.PASSWORD]))
def test_password_quality(self):
"""Check if libpwquality gives reasonable numbers & score is assigned correctly."""
# " " should give score 0 (<6 chars) & quality 0
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.password_score == 0
assert check.result.status_text == _(
constants.SecretStatus.TOO_SHORT.value)
assert check.result.password_quality == 0
assert check.result.error_message is not None
# "anaconda" is a dictionary word
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.password_score > 0
assert check.result.status_text != _(
constants.SecretStatus.EMPTY.value)
assert check.result.status_text != _(
constants.SecretStatus.TOO_SHORT.value)
assert check.result.password_quality == 0
assert check.result.error_message is not None
# "jelenovipivonelej" is a palindrome
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.password_score > 0
assert check.result.status_text != _(
constants.SecretStatus.EMPTY.value)
assert check.result.status_text != _(
constants.SecretStatus.TOO_SHORT.value)
assert check.result.password_quality == 0
assert check.result.error_message is not None
# "4naconda-" gives a quality of 27 on RHEL7
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.error_message == ""
# "4naconda----" gives a quality of 52 on RHEL7
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.error_message == ""
# "----4naconda----" gives a quality of 80 on RHEL7
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
assert check.result.error_message == ""
# "?----4naconda----?" gives a quality of 100 on RHEL7
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
# this should (hopefully) give quality 100 everywhere
assert check.result.password_score == 4 # quality > 90
assert check.result.status_text == _(
constants.SecretStatus.STRONG.value)
assert check.result.password_quality == 100
assert check.result.error_message == ""
# a long enough strong password with minlen set
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.min_length = 10
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
# this should (hopefully) give quality 100 everywhere
assert check.result.password_score == 4 # quality > 90
assert check.result.status_text == _(
constants.SecretStatus.STRONG.value)
assert check.result.password_quality == 100
assert check.result.error_message == ""
# minimum password length overrides strong passwords for score and status
request = input_checking.PasswordCheckRequest()
request.policy = get_policy()
request.policy.min_length = 30
request.password = "******"
check = input_checking.PasswordValidityCheck()
check.run(request)
# this should (hopefully) give quality 100 everywhere
assert check.result.password_score == 0 # too short
assert check.result.status_text == _(
constants.SecretStatus.TOO_SHORT.value)
assert check.result.password_quality == 0 # dependent on password length
assert check.result.error_message == \
_(constants.SECRET_TOO_SHORT[constants.SecretType.PASSWORD])
def _validate_password(self, password, confirm):
"""Validate and process user password."""
if (password and not confirm) or (confirm and not password):
self._report(
_("You must enter your root password and confirm it by typing"
" it a second time to continue."))
return None
if password != confirm:
self._report(
_(constants.PASSWORD_CONFIRM_ERROR_TUI) %
{"password_name_plural": _(constants.NAME_OF_PASSWORD_PLURAL)})
return None
# If an empty password was provided, unset the value
if not password:
return ""
# prepare a password validation request
password_check_request = input_checking.PasswordCheckRequest()
password_check_request.password = password
password_check_request.password_confirmation = ""
password_check_request.policy = self._policy
# validate the password
password_check = input_checking.PasswordValidityCheck()
password_check.run(password_check_request)
# if the score is equal to 0 and we have an error message set
if not password_check.result.password_score and password_check.result.error_message:
self._report(password_check.result.error_message)
return None
if password_check.result.password_quality < self._policy.minquality:
if self._policy.strict:
done_msg = ""
else:
done_msg = _("\nWould you like to use it anyway?")
if password_check.result.error_message:
error_prefix = _(constants.PASSWORD_WEAK_WITH_ERROR) % {
"password_name": _(constants.NAME_OF_PASSWORD),
"error_message": password_check.result.error_message
}
error = "{} {}".format(error_prefix, done_msg)
else:
weak_prefix = _(constants.PASSWORD_WEAK) % {
"password_name": _(constants.NAME_OF_PASSWORD)
}
error = "{} {}".format(weak_prefix, done_msg)
if not self._policy.strict:
question_window = YesNoDialog(error)
ScreenHandler.push_screen_modal(question_window)
if not question_window.answer:
return None
else:
self._report(error)
return None
if any(char not in constants.PW_ASCII_CHARS for char in password):
self._report(
_("You have provided a password containing non-ASCII characters.\n"
"You may not be able to switch between keyboard layouts to login.\n"
))
return cryptPassword(password)
