Posted to commits@trafficcontrol.apache.org by de...@apache.org on 2017/05/30 16:07:14 UTC

[2/4] incubator-trafficcontrol git commit: Add TO password blacklist

http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/fa957985/traffic_ops/app/lib/API/User.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/API/User.pm b/traffic_ops/app/lib/API/User.pm
index 1d771e7..20d92ba 100644
--- a/traffic_ops/app/lib/API/User.pm
+++ b/traffic_ops/app/lib/API/User.pm
@@ -583,6 +583,10 @@ sub is_good_password {
 		return "Password must be greater than 7 chars.";
 	}
 
+	if ( defined($self->app->{invalid_passwords}->{$value}) ) {
+		return "Password is too common.";
+	}
+
 	# At this point we're happy with the password
 	return undef;
 }
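Review bot: The lookup added to `is_good_password` is an exact, case-sensitive hash match on `$value`, so a trivial case variant of a listed password is still accepted. If the list is meant to cover such variants, compare a normalised form, e.g. `if ( exists $self->app->{invalid_passwords}->{ lc $value } ) {`, with the loader lower-casing its entries to match. `exists` is also the more direct test than `defined`, since the loader in TrafficOps.pm only ever stores `1`. The start of `is_good_password` is outside the hunk, so how `$value` is obtained and validated earlier is not visible here.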

http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/fa957985/traffic_ops/app/lib/MojoPlugins/Validation.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/MojoPlugins/Validation.pm b/traffic_ops/app/lib/MojoPlugins/Validation.pm
index e9e3482..6d35a92 100755
--- a/traffic_ops/app/lib/MojoPlugins/Validation.pm
+++ b/traffic_ops/app/lib/MojoPlugins/Validation.pm
@@ -77,6 +77,17 @@ sub register {
 			}
 		}
 	);
+
+	$app->renderer->add_helper(
+		is_password_uncommon => sub {
+			my $self  = shift;
+			my $pass = $self->param('tm_user.local_passwd');
+			my %blacklist = %{$self->app->{invalid_passwords}};
+			if ( defined($pass) && defined(%blacklist->{$pass}) ) {
+				$self->field('tm_user.local_passwd')->is_like( qr/ . $pass . /, "Password is too common." );
+			}
+		}
+	);
 }
 
 package MojoPlugins::Validation::Functions;
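Review bot: `defined(%blacklist->{$pass})` in the new `is_password_uncommon` helper uses a hash as a reference, which Perl long deprecated and turned into a fatal compile error in 5.22. The preceding `my %blacklist = %{...}` also copies the whole list on every validation, so a direct lookup is preferable: `if ( defined($pass) && exists $self->app->{invalid_passwords}->{$pass} ) {`. The pattern `qr/ . $pass . /` is not a concatenation; it compiles the submitted password as a regex surrounded by literal spaces and any-character dots, so whether the check fails depends on the password's content, and an entry containing metacharacters could fail to compile. The apparent intent is to force a validation error, which a never-matching pattern does without interpolating user input: `$self->field('tm_user.local_passwd')->is_like( qr/(?!)/, "Password is too common." );`. `register` begins outside the hunk.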

http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/fa957985/traffic_ops/app/lib/TrafficOps.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/TrafficOps.pm b/traffic_ops/app/lib/TrafficOps.pm
index b2aeca2..89db9bf 100644
--- a/traffic_ops/app/lib/TrafficOps.pm
+++ b/traffic_ops/app/lib/TrafficOps.pm
@@ -94,6 +94,7 @@ sub startup {
 	$self->validate_cdn_conf();
 	$self->setup_mojo_plugins();
 	$self->set_secrets();
+	$self->load_password_blacklist();
 
 	$self->log->info("-------------------------------------------------------------");
 	$self->log->info( "TrafficOps version: " . Utils::Helper::Version->current() . " is starting." );
@@ -349,6 +350,19 @@ sub setup_mojo_plugins {
 
 }
 
+sub load_password_blacklist {
+	my $self = shift;
+	my $path = find_conf_path("invalid_passwords.txt");
+	open( my $fn, '<', $path ) || die("invalid_passwords.txt $!\n");
+	my $invalid_passwords = {};
+	while ( my $line = <$fn> ) {
+		chomp($line);
+		$invalid_passwords->{$line} = 1;
+	}
+	close($fn);
+	$self->{invalid_passwords} = $invalid_passwords;
+}
+
 sub check_token {
 	my $self  = shift;
 	my $token = shift;
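Review bot: `load_password_blacklist` stores each line exactly as read after `chomp`, so a list file saved with CRLF line endings would produce keys ending in `\r` that never equal a submitted password, and the filter would silently stop matching. Stripping the line ending explicitly avoids that: `$line =~ s/\r?\n\z//;` in place of `chomp($line);`. The `die` message names the file but not the resolved `$path`, and since this runs from `startup` a missing file stops the application; `die("Cannot open $path: $!\n")` makes that failure easier to diagnose, and the new required file is worth a comment above the sub. The trailing context lines belong to `check_token`, whose body continues outside the hunk.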

http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/fa957985/traffic_ops/app/lib/UI/User.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/UI/User.pm b/traffic_ops/app/lib/UI/User.pm
index d21cbd9..c0ce087 100644
--- a/traffic_ops/app/lib/UI/User.pm
+++ b/traffic_ops/app/lib/UI/User.pm
@@ -271,6 +271,7 @@ sub is_valid {
 
 	$self->field('tm_user.local_passwd')->is_equal( 'tm_user.confirm_local_passwd', "The 'Password' and 'Confirm Password' must match." );
 	$self->field('tm_user.local_passwd')->is_like( qr/^.{8,100}$/, "Password must be greater than 7 chars." );
+	$self->is_password_uncommon();
 
 	return $self->valid;
 }