You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficcontrol.apache.org by ra...@apache.org on 2018/09/21 22:57:16 UTC
[trafficcontrol] 02/02: Updated according to PR comments
This is an automated email from the ASF dual-hosted git repository.
rawlin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
commit 8995906cf717611999058a6a9d10abe9c070cf3c
Author: moltzaum <ma...@moltzau.net>
AuthorDate: Fri Sep 21 12:40:52 2018 -0600
Updated according to PR comments
---
.../traffic_ops_golang/auth/authenticate_test.go | 32 ++++++++++++---
.../traffic_ops_golang/auth/password_check.go | 47 +++++++++++-----------
2 files changed, 51 insertions(+), 28 deletions(-)
diff --git a/traffic_ops/traffic_ops_golang/auth/authenticate_test.go b/traffic_ops/traffic_ops_golang/auth/authenticate_test.go
index 99d636f..3333b4d 100644
--- a/traffic_ops/traffic_ops_golang/auth/authenticate_test.go
+++ b/traffic_ops/traffic_ops_golang/auth/authenticate_test.go
@@ -20,7 +20,6 @@ package auth
*/
import (
- "github.com/apache/trafficcontrol/lib/go-log"
"testing"
)
@@ -52,18 +51,41 @@ func TestScryptPasswordIsRequired(t *testing.T) {
}
}
-func TestPasswordStrength(t *testing.T) {
+// The purpose of this test is to show that all password requirements are being met
+func TestUsernamePassword(t *testing.T) {
+
+ passwords := []string{"username", "password", "pa$$word", "", "red"}
+ expected := []bool{false, false, true, false, false}
+ LoadPasswordBlacklist("app/conf/invalid_passwords.txt")
+
+ for i, password := range passwords {
+ if ok, err := IsGoodLoginPair("username", password); ok != expected[i] {
+ if expected[i] {
+ t.Errorf("\"%s\" should have been marked as an invalid password", password)
+ } else {
+ t.Errorf("\"%s\" should be an ok password, but got the error: %v", password, err)
+ }
+ }
+ }
+
+ if ok, _ := IsGoodLoginPair("", "GoOdPa$$woRd"); ok {
+ t.Errorf("An empty username should not pass")
+ }
+}
+
+// The purpose of this test is to show that the file is being read, and we can tell if a password is in the file
+func TestCommonPassword(t *testing.T) {
passwords := []string{"password", "pa$$word"}
expected := []bool{true, false}
LoadPasswordBlacklist("app/conf/invalid_passwords.txt")
for i, password := range passwords {
- if IsInvalidPassword(password) != expected[i] {
+ if IsCommonPassword(password) != expected[i] {
if expected[i] {
- t.Errorf("%s should have been marked as an invalid password", password)
+ t.Errorf("\"%s\" should have been marked as an invalid password", password)
} else {
- t.Errorf("%s should be an ok password", password)
+ t.Errorf("\"%s\" should be an ok password", password)
}
}
}
diff --git a/traffic_ops/traffic_ops_golang/auth/password_check.go b/traffic_ops/traffic_ops_golang/auth/password_check.go
index 323723a..71efb5e 100644
--- a/traffic_ops/traffic_ops_golang/auth/password_check.go
+++ b/traffic_ops/traffic_ops_golang/auth/password_check.go
@@ -21,6 +21,7 @@ package auth
import (
"bufio"
+ "errors"
"fmt"
"os"
"strings"
@@ -29,17 +30,17 @@ import (
)
// A lookup table, bool will always be true
-var invalidPasswords map[string]bool
+var commonPasswords map[string]bool
// Expects a relative path from the traffic_ops directory
func LoadPasswordBlacklist(filePath string) error {
- if invalidPasswords == nil {
- invalidPasswords = make(map[string]bool)
- } else {
- return fmt.Errorf("Password blacklist is already loaded")
+ if commonPasswords != nil {
+ return errors.New("Password blacklist is already loaded")
}
+ commonPasswords = make(map[string]bool)
+
pwd, err := os.Getwd()
if err != nil {
return err
@@ -55,40 +56,40 @@ func LoadPasswordBlacklist(filePath string) error {
scanner := bufio.NewScanner(in)
for scanner.Scan() {
- invalidPasswords[scanner.Text()] = true
+ commonPasswords[scanner.Text()] = true
}
in.Close()
return scanner.Err()
}
-func IsInvalidPassword(pw string) bool {
- _, bad := invalidPasswords[pw]
- return bad
+func IsCommonPassword(pw string) bool {
+ _, yes := commonPasswords[pw]
+ return yes
}
-func IsGoodPassword(pw string, confirmPw string, username string) error {
+func IsGoodLoginPair(username string, password string) (bool, error) {
- if pw == "" {
- return nil
+ if username == "" {
+ return false, errors.New("Your username cannot be blank.")
}
- if pw != confirmPw {
- return fmt.Errorf("Passwords do not match.")
+ if username == password {
+ return false, errors.New("Your password cannot be your username.")
}
- if pw == username {
- return fmt.Errorf("Your password cannot be the same as your username.")
- }
+ return IsGoodPassword(password)
+}
+
+func IsGoodPassword(password string) (bool, error) {
- if len(pw) < 8 {
- return fmt.Errorf("Password must be greater than 7 chars.")
+ if len(password) < 8 {
+ return false, errors.New("Password must be greater than 7 characters.")
}
- if IsInvalidPassword(pw) {
- return fmt.Errorf("Password is too common.")
+ if IsCommonPassword(password) {
+ return false, errors.New("Password is too common.")
}
- // At this point we're happy with the password
- return nil
+ return true, nil
}