From cf0da8ebe0b8865c85cc41310b6cac5284f13a80 Mon Sep 17 00:00:00 2001
From: Neil Williams
Date: Sat, 3 Sep 2011 11:12:30 -0700
Subject: [PATCH] Increase maximum password length and enforce it.
---
 r2/r2/controllers/validator/validator.py | 9 ++++-----
 r2/r2/templates/login.html | 5 +++--
 r2/r2/templates/loginformwide.html | 3 ++-
 r2/r2/templates/prefupdate.html | 7 ++++---
 4 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/r2/r2/controllers/validator/validator.py b/r2/r2/controllers/validator/validator.py
index c812463d0..5d0201b59 100644
--- a/r2/r2/controllers/validator/validator.py
+++ b/r2/r2/controllers/validator/validator.py
@@ -795,14 +795,13 @@ class VSubmitSR(Validator):
 return sr
-pass_rx = re.compile(r"\A.{3,20}\Z")
-
-def chkpass(x):
- return x if x and pass_rx.match(x) else None
+MIN_PASSWORD_LENGTH = 3
+MAX_PASSWORD_LENGTH = 256
 class VPassword(Validator):
 def run(self, password, verify):
- if not chkpass(password):
+ if not (password and
+ MIN_PASSWORD_LENGTH < len(password) < MAX_PASSWORD_LENGTH):
 self.set_error(errors.BAD_PASSWORD)
 elif verify != password:
 self.set_error(errors.BAD_PASSWORD_MATCH)
diff --git a/r2/r2/templates/login.html b/r2/r2/templates/login.html
index 879bd1353..325f69b2c 100644
--- a/r2/r2/templates/login.html
+++ b/r2/r2/templates/login.html
@@ -24,6 +24,7 @@
 from r2.lib.template_helpers import add_sr
 from r2.lib.strings import strings
 from r2.lib.utils import UrlParser
+ from r2.controllers.validator import MAX_PASSWORD_LENGTH
 import random
 %>
 <%namespace file="captcha.html" import="captchagen"/>
@@ -87,7 +88,7 @@
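Review bot: The length bounds in `VPassword.run` are exclusive (`MIN_PASSWORD_LENGTH < len(password) < MAX_PASSWORD_LENGTH`), so a 3-character password that the removed `\A.{3,20}\Z` pattern accepted is now rejected, and so is one of exactly 256 characters. The template hunks in this patch (login.html, loginformwide.html, prefupdate.html) set `maxlength="${MAX_PASSWORD_LENGTH}"`, so a browser will let the user enter 256 characters that the server then answers with BAD_PASSWORD. If the constants are meant as inclusive limits, the condition should read `MIN_PASSWORD_LENGTH <= len(password) <= MAX_PASSWORD_LENGTH`. Since the form attribute is only advisory and this check is the enforcement point, a comment on the two constants such as `# inclusive bounds, counted with len() on the submitted string` would keep the templates and the validator from drifting apart. The VPassword class may continue past the end of the hunk.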
  • + maxlength="${MAX_PASSWORD_LENGTH}" tabindex="${tabindex}"/> %if register: ${error_field("BAD_PASSWORD", "passwd", kind="span")} %else: @@ -98,7 +99,7 @@
  • + type="password" maxlength="${MAX_PASSWORD_LENGTH}" tabindex="${tabindex}"/> ${error_field("BAD_PASSWORD_MATCH", "passwd2", kind="span")}
  • diff --git a/r2/r2/templates/loginformwide.html b/r2/r2/templates/loginformwide.html index a8146ed6f..6f26f31df 100644 --- a/r2/r2/templates/loginformwide.html +++ b/r2/r2/templates/loginformwide.html @@ -22,6 +22,7 @@ <%! from r2.lib.template_helpers import add_sr from r2.lib.utils import UrlParser + from r2.controllers.validator import MAX_PASSWORD_LENGTH import random %> @@ -41,7 +42,7 @@ %endif - +
diff --git a/r2/r2/templates/prefupdate.html b/r2/r2/templates/prefupdate.html
index 03c784ad2..c4591e6e3 100644
--- a/r2/r2/templates/prefupdate.html
+++ b/r2/r2/templates/prefupdate.html
@@ -22,6 +22,7 @@
 <%namespace file="utils.html" import="error_field"/>
 <%namespace name="utils" file="utils.html"/>
+<% from r2.controllers.validator import MAX_PASSWORD_LENGTH %>

    %if thing.email and thing.password: @@ -63,7 +64,7 @@
    <%utils:round_field title="${_('current password')}" description="${_('(required)')}"> - + ${error_field("WRONG_PASSWORD", "curpass")}
    @@ -78,14 +79,14 @@ %if thing.password:
    <%utils:round_field title="${_('new password')}"> - + ${error_field("BAD_PASSWORD", "newpass")}
    <%utils:round_field title="${_('verify password')}"> - + ${error_field("BAD_PASSWORD_MATCH", "verpass")}