def password_empty_test(self): """Check if quality of an empty password is reported correctly.""" request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "" check = input_checking.PasswordValidityCheck() check.run(request) self.assertEqual(check.result.password_score, 1) # empty password is fine with emptyok policy self.assertEqual(check.result.status_text, _(constants.PasswordStatus.EMPTY.value)) self.assertEqual(check.result.password_quality, 0) self.assertIsNotNone(check.result.error_message) # empty password should override password-too-short messages request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.minlen = 10 request.password = "" check = input_checking.PasswordValidityCheck() check.run(request) self.assertEqual(check.result.password_score, 1) self.assertEqual(check.result.status_text, _(constants.PasswordStatus.EMPTY.value)) self.assertEqual(check.result.password_quality, 0) self.assertIsNotNone(check.result.error_message)
def password_empty_ok_test(self): """Check if the empty_ok flag works correctly.""" request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.emptyok = True request.password = "" check = input_checking.PasswordValidityCheck() check.run(request) self.assertEqual(check.result.password_score, 1) self.assertEqual(check.result.status_text, _(constants.PasswordStatus.EMPTY.value)) self.assertEqual(check.result.password_quality, 0) self.assertIsNotNone(check.result.error_message) # empty_ok with password length request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.emptyok = True request.policy.minlen = 10 request.password = "" check = input_checking.PasswordValidityCheck() check.run(request) self.assertEqual(check.result.password_score, 1) self.assertEqual(check.result.status_text, _(constants.PasswordStatus.EMPTY.value)) self.assertEqual(check.result.password_quality, 0) self.assertIsNotNone(check.result.error_message) # non-empty passwords that are too short should still get a score of 0 & the "too short" message request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.emptyok = True request.policy.minlen = 10 request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) self.assertEqual(check.result.password_score, 0) self.assertEqual(check.result.status_text, _(constants.PasswordStatus.TOO_SHORT.value)) self.assertEqual(check.result.password_quality, 0) self.assertIsNotNone(check.result.error_message) # also check a long-enough password, just in case request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.emptyok = True request.policy.minlen = 10 request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) self.assertEqual(check.result.password_score, 1) self.assertEqual(check.result.status_text, _(constants.PasswordStatus.WEAK.value)) self.assertEqual(check.result.password_quality, 0) self.assertIsNotNone(check.result.error_message)
def test_password_empty_ok(self): """Check if the empty_ok flag works correctly.""" request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.allow_empty = True request.password = "" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.password_score == 1 assert check.result.status_text == _( constants.SecretStatus.EMPTY.value) assert check.result.password_quality == 0 assert check.result.error_message is not None # empty_ok with password length request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.allow_empty = True request.policy.min_length = 10 request.password = "" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.password_score == 1 assert check.result.status_text == _( constants.SecretStatus.EMPTY.value) assert check.result.password_quality == 0 assert check.result.error_message is not None # non-empty passwords that are too short should still get a score of 0 & the "too short" message request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.allow_empty = True request.policy.min_length = 10 request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.password_score == 0 assert check.result.status_text == _( constants.SecretStatus.TOO_SHORT.value) assert check.result.password_quality == 0 assert check.result.error_message is not None # also check a long-enough password, just in case request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.allow_empty = True request.policy.min_length = 10 request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.password_score == 1 assert check.result.status_text == _(constants.SecretStatus.WEAK.value) assert check.result.password_quality == 0 assert check.result.error_message is not None
def _validate_password(self, password, confirm): """Validate and process user password.""" if password != confirm: self._report( _(constants.SECRET_CONFIRM_ERROR_TUI[self._secret_type])) return None # If an empty password was provided, unset the value if not password: return "" # prepare a password validation request password_check_request = input_checking.PasswordCheckRequest() password_check_request.password = password password_check_request.password_confirmation = "" password_check_request.policy = self._policy # validate the password password_check = input_checking.PasswordValidityCheck() password_check.run(password_check_request) # if the score is equal to 0 and we have an error message set if not password_check.result.password_score and password_check.result.error_message: self._report(password_check.result.error_message) return None if password_check.result.password_quality < self._policy.min_quality: if self._policy.is_strict: done_msg = "" else: done_msg = _("\nWould you like to use it anyway?") if password_check.result.error_message: weak_prefix = _( constants.SECRET_WEAK_WITH_ERROR[self._secret_type]) error = "{} {} {}".format(weak_prefix, password_check.result.error_message, done_msg) else: weak_prefix = _(constants.SECRET_WEAK[self._secret_type]) error = "{} {}".format(weak_prefix, done_msg) if not self._policy.is_strict: question_window = YesNoDialog(error) ScreenHandler.push_screen_modal(question_window) if not question_window.answer: return None else: self._report(error) return None if any(char not in constants.PW_ASCII_CHARS for char in password): self._report(_(constants.SECRET_ASCII[self._secret_type])) return self._process_password(password)
def password_length_test(self): """Check if minimal password length is checked properly.""" # first check if the default minimal password length is checked correctly # (should be 6 characters at the moment) request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) self.assertEqual(check.result.password_score, 0) self.assertEqual(check.result.status_text, _(constants.PasswordStatus.TOO_SHORT.value)) # weak but long enough request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) self.assertEqual(check.result.password_score, 1) self.assertEqual(check.result.status_text, _(constants.PasswordStatus.WEAK.value)) # check if setting password length works correctly request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.minlen = 10 request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) self.assertEqual(check.result.password_score, 0) self.assertEqual(check.result.status_text, _(constants.PasswordStatus.TOO_SHORT.value)) request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.minlen = 10 request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) self.assertGreater(check.result.password_score, 0) self.assertNotEqual(check.result.status_text, _(constants.PasswordStatus.TOO_SHORT.value))
def test_password_length(self): """Check if minimal password length is checked properly.""" # first check if the default minimal password length is checked correctly # (should be 6 characters at the moment) request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.password_score == 0 assert check.result.status_text == _( constants.SecretStatus.TOO_SHORT.value) # weak but long enough request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.password_score == 1 assert check.result.status_text == _(constants.SecretStatus.WEAK.value) # check if setting password length works correctly request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.min_length = 10 request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.password_score == 0 assert check.result.status_text == _( constants.SecretStatus.TOO_SHORT.value) request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.min_length = 10 request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.password_score > 0 assert check.result.status_text != _( constants.SecretStatus.TOO_SHORT.value)
def test_password_empty(self): """Check if quality of an empty password is reported correctly.""" request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.password_score == 1 # empty password is fine with emptyok policy assert check.result.status_text == _( constants.SecretStatus.EMPTY.value) assert check.result.password_quality == 0 assert check.result.error_message is not None # empty password should override password-too-short messages request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.min_length = 10 request.password = "" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.password_score == 1 assert check.result.status_text == _( constants.SecretStatus.EMPTY.value) assert check.result.password_quality == 0 assert check.result.error_message is not None
def password_quality_test(self): """Check if libpwquality gives reasonable numbers & score is assigned correctly.""" # " " should give score 0 (<6 chars) & quality 0 request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) self.assertEqual(check.result.password_score, 0) self.assertEqual(check.result.status_text, _(constants.SecretStatus.TOO_SHORT.value)) self.assertEqual(check.result.password_quality, 0) self.assertIsNotNone(check.result.error_message) # "anaconda" is a dictionary word request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) self.assertGreater(check.result.password_score, 0) self.assertNotEqual(check.result.status_text, _(constants.SecretStatus.EMPTY.value)) self.assertNotEqual(check.result.status_text, _(constants.SecretStatus.TOO_SHORT.value)) self.assertEqual(check.result.password_quality, 0) self.assertIsNotNone(check.result.error_message) # "jelenovipivonelej" is a palindrome request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) self.assertGreater(check.result.password_score, 0) self.assertNotEqual(check.result.status_text, _(constants.SecretStatus.EMPTY.value)) self.assertNotEqual(check.result.status_text, _(constants.SecretStatus.TOO_SHORT.value)) self.assertEqual(check.result.password_quality, 0) self.assertIsNotNone(check.result.error_message) # "4naconda-" gives a quality of 27 on RHEL7 request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) self.assertIs(check.result.error_message, "") # "4naconda----" gives a quality of 52 on RHEL7 request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) self.assertIs(check.result.error_message, "") # "----4naconda----" gives a quality of 80 on RHEL7 request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) self.assertIs(check.result.error_message, "") # "?----4naconda----?" gives a quality of 100 on RHEL7 request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) # this should (hopefully) give quality 100 everywhere self.assertEqual(check.result.password_score, 4) # quality > 90 self.assertEqual(check.result.status_text, _(constants.SecretStatus.STRONG.value)) self.assertEqual(check.result.password_quality, 100) self.assertIs(check.result.error_message, "") # a long enough strong password with minlen set request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.minlen = 10 request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) # this should (hopefully) give quality 100 everywhere self.assertEqual(check.result.password_score, 4) # quality > 90 self.assertEqual(check.result.status_text, _(constants.SecretStatus.STRONG.value)) self.assertEqual(check.result.password_quality, 100) self.assertIs(check.result.error_message, "") # minimum password length overrides strong passwords for score and status request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.minlen = 30 request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) # this should (hopefully) give quality 100 everywhere self.assertEqual(check.result.password_score, 0) # too short self.assertEqual(check.result.status_text, _(constants.SecretStatus.TOO_SHORT.value)) self.assertEqual(check.result.password_quality, 0) # dependent on password length self.assertIs(check.result.error_message, _(constants.SECRET_TOO_SHORT[constants.SecretType.PASSWORD]))
def test_password_quality(self): """Check if libpwquality gives reasonable numbers & score is assigned correctly.""" # " " should give score 0 (<6 chars) & quality 0 request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.password_score == 0 assert check.result.status_text == _( constants.SecretStatus.TOO_SHORT.value) assert check.result.password_quality == 0 assert check.result.error_message is not None # "anaconda" is a dictionary word request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.password_score > 0 assert check.result.status_text != _( constants.SecretStatus.EMPTY.value) assert check.result.status_text != _( constants.SecretStatus.TOO_SHORT.value) assert check.result.password_quality == 0 assert check.result.error_message is not None # "jelenovipivonelej" is a palindrome request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.password_score > 0 assert check.result.status_text != _( constants.SecretStatus.EMPTY.value) assert check.result.status_text != _( constants.SecretStatus.TOO_SHORT.value) assert check.result.password_quality == 0 assert check.result.error_message is not None # "4naconda-" gives a quality of 27 on RHEL7 request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.error_message == "" # "4naconda----" gives a quality of 52 on RHEL7 request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.error_message == "" # "----4naconda----" gives a quality of 80 on RHEL7 request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) assert check.result.error_message == "" # "?----4naconda----?" gives a quality of 100 on RHEL7 request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) # this should (hopefully) give quality 100 everywhere assert check.result.password_score == 4 # quality > 90 assert check.result.status_text == _( constants.SecretStatus.STRONG.value) assert check.result.password_quality == 100 assert check.result.error_message == "" # a long enough strong password with minlen set request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.min_length = 10 request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) # this should (hopefully) give quality 100 everywhere assert check.result.password_score == 4 # quality > 90 assert check.result.status_text == _( constants.SecretStatus.STRONG.value) assert check.result.password_quality == 100 assert check.result.error_message == "" # minimum password length overrides strong passwords for score and status request = input_checking.PasswordCheckRequest() request.policy = get_policy() request.policy.min_length = 30 request.password = "******" check = input_checking.PasswordValidityCheck() check.run(request) # this should (hopefully) give quality 100 everywhere assert check.result.password_score == 0 # too short assert check.result.status_text == _( constants.SecretStatus.TOO_SHORT.value) assert check.result.password_quality == 0 # dependent on password length assert check.result.error_message == \ _(constants.SECRET_TOO_SHORT[constants.SecretType.PASSWORD])
def _validate_password(self, password, confirm): """Validate and process user password.""" if (password and not confirm) or (confirm and not password): self._report( _("You must enter your root password and confirm it by typing" " it a second time to continue.")) return None if password != confirm: self._report( _(constants.PASSWORD_CONFIRM_ERROR_TUI) % {"password_name_plural": _(constants.NAME_OF_PASSWORD_PLURAL)}) return None # If an empty password was provided, unset the value if not password: return "" # prepare a password validation request password_check_request = input_checking.PasswordCheckRequest() password_check_request.password = password password_check_request.password_confirmation = "" password_check_request.policy = self._policy # validate the password password_check = input_checking.PasswordValidityCheck() password_check.run(password_check_request) # if the score is equal to 0 and we have an error message set if not password_check.result.password_score and password_check.result.error_message: self._report(password_check.result.error_message) return None if password_check.result.password_quality < self._policy.minquality: if self._policy.strict: done_msg = "" else: done_msg = _("\nWould you like to use it anyway?") if password_check.result.error_message: error_prefix = _(constants.PASSWORD_WEAK_WITH_ERROR) % { "password_name": _(constants.NAME_OF_PASSWORD), "error_message": password_check.result.error_message } error = "{} {}".format(error_prefix, done_msg) else: weak_prefix = _(constants.PASSWORD_WEAK) % { "password_name": _(constants.NAME_OF_PASSWORD) } error = "{} {}".format(weak_prefix, done_msg) if not self._policy.strict: question_window = YesNoDialog(error) ScreenHandler.push_screen_modal(question_window) if not question_window.answer: return None else: self._report(error) return None if any(char not in constants.PW_ASCII_CHARS for char in password): self._report( _("You have provided a password containing non-ASCII characters.\n" "You may not be able to switch between keyboard layouts to login.\n" )) return cryptPassword(password)