Restrict password alphabet to SASLprep-safe ASCII subset
Prior to this change user passwords were not validated on change aside from their length, but validated on login/bind by ldap3 with SASLprep.

Instead of using SASLprep on password change, this change restricts passwords to 7-bit ASCII without control characters. Control characters are forbidden by SASLprep. Multi-byte characters are uncommon in passwords, especially in those generated by password managers.

This ensures that passwords are always SASLprep-safe without implementing the rather complex SASLprep algorithm. It also allows us to fully describe the alphabet restrictions in the relevant forms.

Fixes #100
Changed files:
- tests/test_selfservice.py (13 additions, 0 deletions)
- tests/test_user.py (22 additions, 1 deletion)
- uffd/selfservice/templates/selfservice/self.html (2 additions, 2 deletions)
- uffd/selfservice/templates/selfservice/set_password.html (3 additions, 3 deletions)
- uffd/signup/templates/signup/start.html (2 additions, 2 deletions)
- uffd/translations/de/LC_MESSAGES/messages.mo (0 additions, 0 deletions)
- uffd/translations/de/LC_MESSAGES/messages.po (48 additions, 51 deletions)
- uffd/user/models.py (17 additions, 2 deletions)
- uffd/user/templates/user/show.html (2 additions, 2 deletions)
- uffd/user/views_user.py (3 additions, 0 deletions)
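The property the commit message relies on, shown as an added example (not code from this commit): an alphabet check next to a reference SASLprep (RFC 4013) built on Python's standard `stringprep` tables, so the two can be compared. The function names and the exact range U+0020 to U+007E are assumptions; the page only says "7-bit ASCII without control characters".

```python
import re
import stringprep
from unicodedata import ucd_3_2_0 as ucd  # stringprep is pinned to Unicode 3.2

# Assumption: the permitted alphabet is U+0020..U+007E (space through tilde).
# fullmatch() avoids the trailing-newline loophole of a "$" anchor.
SAFE_PASSWORD_RE = re.compile(r'[\x20-\x7e]*')

def is_safe_password(password):
    """Alphabet check only; length limits are enforced separately."""
    return SAFE_PASSWORD_RE.fullmatch(password) is not None

# Prohibited-output tables that RFC 4013 selects from RFC 3454.
PROHIBITED = (stringprep.in_table_c12, stringprep.in_table_c21_c22,
              stringprep.in_table_c3, stringprep.in_table_c4,
              stringprep.in_table_c5, stringprep.in_table_c6,
              stringprep.in_table_c7, stringprep.in_table_c8,
              stringprep.in_table_c9)

def saslprep(text):
    """Reference SASLprep for stored strings (unassigned code points rejected)."""
    # Map: drop "mapped to nothing" characters, turn non-ASCII spaces into U+0020.
    mapped = ''.join(' ' if stringprep.in_table_c12(c) else c
                     for c in text if not stringprep.in_table_b1(c))
    out = ucd.normalize('NFKC', mapped)
    for c in out:
        if stringprep.in_table_a1(c) or any(table(c) for table in PROHIBITED):
            raise ValueError('prohibited character U+%04X' % ord(c))
    # Bidi: right-to-left text may not contain left-to-right characters and
    # must both start and end with a right-to-left character.
    if any(stringprep.in_table_d1(c) for c in out):
        if any(stringprep.in_table_d2(c) for c in out):
            raise ValueError('mixed bidirectional text')
        if not (stringprep.in_table_d1(out[0]) and stringprep.in_table_d1(out[-1])):
            raise ValueError('right-to-left text must start and end right-to-left')
    return out

def survives_saslprep(password):
    """True if SASLprep accepts the password and leaves it unchanged."""
    try:
        return saslprep(password) == password
    except ValueError:
        return False
```

Every string accepted by `is_safe_password` passes through `saslprep` unchanged, while inputs outside the alphabet are either rejected by SASLprep or silently rewritten, which is the mismatch between password change and bind that the commit closes.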