Password Complexity Checks #6230

Merged: 150 commits, Oct 14, 2019
Changes from 136 commits

Commits (150)
1b11649
Password Complexity Checks
T-M-A Mar 3, 2019
0127fee
Merge branch 'master' into pwd-complexity
T-M-A Mar 3, 2019
b4210cb
fix unit test
T-M-A Mar 3, 2019
18061a7
Merge branch 'pwd-complexity' of github.com:T-M-A/gitea into pwd-comp…
T-M-A Mar 3, 2019
0af5b63
Update options/locale/locale_en-US.ini
adelowo Mar 3, 2019
f49a9a1
upgrade password check
T-M-A Mar 4, 2019
2aae5b5
Merge branch 'pwd-complexity' of github.com:T-M-A/gitea into pwd-comp…
T-M-A Mar 4, 2019
789b25b
Merge branch 'master' into pwd-complexity
T-M-A Mar 4, 2019
68811f0
Little refactoring
T-M-A Mar 5, 2019
8e3845d
Merge branch 'pwd-complexity' of github.com:T-M-A/gitea into pwd-com…
T-M-A Mar 5, 2019
bf749da
Merge branch 'master' into pwd-complexity
T-M-A Mar 5, 2019
a976460
fix 1
Mar 7, 2019
b6e7bd8
fix
Mar 7, 2019
3fc779c
fix pointers for checks
T-M-A Mar 7, 2019
244a6db
fix
T-M-A Mar 7, 2019
f297248
Merge branch 'master' into pwd-complexity
T-M-A Mar 7, 2019
7360ab6
fix admin/user/update
T-M-A Mar 7, 2019
560d28a
fix admin/user checks
T-M-A Mar 7, 2019
3a67b60
Merge branch 'pwd-complexity' of github.com:T-M-A/gitea into pwd-comp…
T-M-A Mar 7, 2019
82ff291
Merge branch 'master' into pwd-complexity
T-M-A Mar 7, 2019
3da4b38
fix ResetPasswd
T-M-A Mar 7, 2019
285ec84
Merge branch 'pwd-complexity' of github.com:T-M-A/gitea into pwd-comp…
T-M-A Mar 7, 2019
c7239cf
Add checks for CLI and API
T-M-A Mar 8, 2019
0e560ca
Merge branch 'master' into pwd-complexity
T-M-A Mar 8, 2019
5c0687a
Change algorithm for generate.GetRandomString
T-M-A Mar 24, 2019
46c172b
Merge branch 'master' into pwd-complexity
T-M-A Mar 24, 2019
7524102
fix imports
T-M-A Mar 24, 2019
789785b
fix linter errors
T-M-A Mar 24, 2019
f89bc50
fix for fmt-check
T-M-A Mar 24, 2019
c6fbca5
fix
T-M-A Mar 25, 2019
09447b4
little randomize
T-M-A Mar 25, 2019
8d2d146
Refactoring code
T-M-A May 2, 2019
c14729f
Merge branch 'master' into pwd-complexity
T-M-A May 2, 2019
25c7a93
Merge branch 'master' into pwd-complexity
T-M-A May 3, 2019
5b3421b
fix build errors
T-M-A May 3, 2019
4e1b02e
Merge branch 'pwd-complexity' of github.com:T-M-A/gitea into pwd-comp…
T-M-A May 3, 2019
5868a03
fix build errors
T-M-A May 3, 2019
4e2e3cc
Merge branch 'master' into pwd-complexity
T-M-A May 3, 2019
27e14a2
fix
T-M-A May 9, 2019
1867476
Merge branch 'master' into pwd-complexity
T-M-A May 9, 2019
224b2db
fix 2
T-M-A May 9, 2019
6879f31
Merge branch 'master' into pwd-complexity
techknowlogick Jun 11, 2019
fefc620
fix fmt-check
T-M-A Jun 12, 2019
f7a2a6b
Merge branch 'master' into pwd-complexity
T-M-A Jun 12, 2019
2611c9d
Update modules/generate/generate.go
T-M-A Jun 14, 2019
81b2f3d
Merge branch 'master' into pwd-complexity
T-M-A Jun 14, 2019
1503486
fix errors
T-M-A Jun 15, 2019
54d2ec4
Merge branch 'master' into pwd-complexity
T-M-A Jun 15, 2019
5af7ec6
Merge branch 'master' into pwd-complexity
T-M-A Jun 17, 2019
23058cb
Merge branch 'master' into pwd-complexity
T-M-A Jun 18, 2019
d587490
Merge branch 'master' into pwd-complexity
T-M-A Jun 18, 2019
2b8977b
Merge branch 'master' into pwd-complexity
T-M-A Jun 22, 2019
7c10353
Merge branch 'master' into pwd-complexity
T-M-A Jun 24, 2019
1d4bd25
Merge branch 'master' into pwd-complexity
T-M-A Jun 24, 2019
24ae039
Merge branch 'master' into pwd-complexity
T-M-A Jun 26, 2019
1cd9b8a
Merge branch 'master' into pwd-complexity
T-M-A Jun 29, 2019
f257bb0
Merge branch 'master' into pwd-complexity
T-M-A Jun 29, 2019
bad2849
Merge branch 'master' into pwd-complexity
T-M-A Jul 1, 2019
9ab9616
Merge branch 'master' into pwd-complexity
T-M-A Jul 2, 2019
7968f29
Merge branch 'master' into pwd-complexity
T-M-A Jul 3, 2019
77e3d62
Merge branch 'master' into pwd-complexity
T-M-A Jul 4, 2019
7378d63
Merge branch 'master' into pwd-complexity
T-M-A Jul 7, 2019
082826d
Merge branch 'master' into pwd-complexity
T-M-A Jul 7, 2019
0dd151c
Merge branch 'master' into pwd-complexity
T-M-A Jul 8, 2019
93af680
fix formats
T-M-A Jul 8, 2019
831898e
Merge branch 'master' into pwd-complexity
T-M-A Jul 9, 2019
43ddc3c
Merge branch 'master' into pwd-complexity
T-M-A Jul 12, 2019
1441526
Merge branch 'master' into pwd-complexity
T-M-A Jul 13, 2019
9cdd02c
Merge branch 'master' into pwd-complexity
T-M-A Jul 14, 2019
49fb8c0
Merge branch 'master' into pwd-complexity
T-M-A Jul 15, 2019
35e9ff0
Merge branch 'master' into pwd-complexity
T-M-A Jul 16, 2019
cd5ead4
Merge branch 'master' into pwd-complexity
T-M-A Jul 17, 2019
744fe82
Merge branch 'master' into pwd-complexity
T-M-A Jul 20, 2019
c4122b7
Merge branch 'master' into pwd-complexity
T-M-A Jul 23, 2019
d04abea
Merge branch 'master' into pwd-complexity
T-M-A Jul 23, 2019
166a6e7
Merge branch 'master' into pwd-complexity
T-M-A Jul 26, 2019
f154129
Merge branch 'master' into pwd-complexity
T-M-A Jul 29, 2019
7dcfa0a
Merge branch 'master' into pwd-complexity
T-M-A Jul 31, 2019
95b3f52
Merge branch 'master' into pwd-complexity
T-M-A Aug 1, 2019
3d6072a
Merge branch 'master' into pwd-complexity
T-M-A Aug 5, 2019
f505001
Merge branch 'master' into pwd-complexity
T-M-A Aug 8, 2019
370fb39
Merge branch 'master' into pwd-complexity
T-M-A Aug 9, 2019
a22346f
Merge branch 'master' into pwd-complexity
T-M-A Aug 10, 2019
0da6b77
Merge branch 'master' into pwd-complexity
T-M-A Aug 11, 2019
7a93e41
Merge branch 'master' into pwd-complexity
T-M-A Aug 12, 2019
952d288
Merge branch 'master' into pwd-complexity
T-M-A Aug 14, 2019
3d8b19c
Merge branch 'master' into pwd-complexity
T-M-A Aug 15, 2019
5260fb0
Merge branch 'master' into pwd-complexity
T-M-A Aug 17, 2019
4e87d0e
Fix for merge
T-M-A Aug 18, 2019
0ab72d9
Merge branch 'master' into pwd-complexity
T-M-A Aug 19, 2019
08fa9e9
Fix sample configuration file
T-M-A Aug 20, 2019
5a57340
Merge branch 'master' into pwd-complexity
T-M-A Aug 21, 2019
2c70cc8
Merge branch 'master' into pwd-complexity
T-M-A Aug 21, 2019
326d515
Fix comment for sample setting
T-M-A Aug 21, 2019
4ee7bd4
If setting is null - do not check complexity
T-M-A Aug 21, 2019
cde04fd
Fix locale
T-M-A Aug 21, 2019
9d55861
remove special chars in regexp pattern
T-M-A Aug 24, 2019
fbb2756
update special chars list
T-M-A Aug 24, 2019
f180425
# Conflicts:
T-M-A Aug 24, 2019
b73e1a8
Merge branch 'master' into pwd-complexity
T-M-A Aug 24, 2019
fc9ef53
fix fmt
T-M-A Aug 24, 2019
cf2644e
Merge branch 'master' into pwd-complexity
T-M-A Aug 25, 2019
66e416b
Minor fixes
T-M-A Aug 26, 2019
8abd9b6
Minor fixes
T-M-A Aug 26, 2019
4e65110
Minor fixes
T-M-A Aug 26, 2019
a129719
Merge remote-tracking branch 'origin/pwd-complexity' into pwd-complexity
T-M-A Aug 26, 2019
6762604
Minor fixes and rename generate.GeneratePassword for golang-lint pass
T-M-A Aug 26, 2019
183e22c
Adding more variants for test
T-M-A Sep 8, 2019
d6ee579
Merge branch 'master' into pwd-complexity
T-M-A Sep 8, 2019
ba6e8ab
Merge branch 'master' into pwd-complexity
T-M-A Sep 16, 2019
f7184f8
Fix for use default values.
T-M-A Sep 21, 2019
ffb8c71
Merge branch 'pwd-complexity' of github.com:T-M-A/gitea into pwd-comp…
T-M-A Sep 21, 2019
a7541de
Merge branch 'master' into pwd-complexity
T-M-A Sep 21, 2019
5817b42
Update cheat sheet
T-M-A Sep 22, 2019
e545efa
Merge branch 'pwd-complexity' of github.com:T-M-A/gitea into pwd-comp…
T-M-A Sep 22, 2019
51c3655
Merge branch 'master' into pwd-complexity
T-M-A Sep 22, 2019
8608600
Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
T-M-A Sep 23, 2019
c84f1a9
Update custom/conf/app.ini.sample
T-M-A Sep 24, 2019
7be7d0b
Update cmd/admin.go
T-M-A Sep 24, 2019
0bb4d3c
Merge branch 'master' into pwd-complexity
T-M-A Sep 24, 2019
d863e4e
Merge branch 'master' into pwd-complexity
T-M-A Sep 24, 2019
6e41130
Merge branch 'master' into pwd-complexity
T-M-A Sep 24, 2019
e0d9ea7
fix fmt
T-M-A Sep 24, 2019
1019fe8
Merge branch 'pwd-complexity' of github.com:T-M-A/gitea into pwd-comp…
T-M-A Sep 24, 2019
6279b71
Move to standalone package, refactoring generate function
T-M-A Sep 26, 2019
0240b00
Move to standalone package, refactoring generate function
T-M-A Sep 26, 2019
191c435
Move to standalone package, refactoring generate function
T-M-A Sep 26, 2019
59f2a89
fix imports
T-M-A Sep 27, 2019
5cd4168
Move to standalone package, refactoring generate function
T-M-A Oct 2, 2019
c67be56
Move to standalone package, refactoring generate function
T-M-A Oct 2, 2019
af8e700
Move to standalone package, refactoring generate function, rename fun…
T-M-A Oct 6, 2019
8f4f1f5
Update modules/setting/setting.go
T-M-A Oct 7, 2019
fa41105
Merge branch 'master' into pwd-complexity
techknowlogick Oct 7, 2019
189153e
Update modules/setting/setting.go
T-M-A Oct 8, 2019
3374ada
Add broken call initDB()
T-M-A Oct 8, 2019
957eaac
Add broken call initDB()
T-M-A Oct 8, 2019
d9bf639
Merge branch 'master' into pwd-complexity
lunny Oct 8, 2019
048dd01
Increased the number of special characters
T-M-A Oct 10, 2019
cf4ba9e
Update modules/password/password.go
T-M-A Oct 10, 2019
91267a1
Increased the number of special characters and space symbol. Checked …
zeripath Oct 10, 2019
51708bf
Increased the number of special characters and space symbol. Checked …
T-M-A Oct 11, 2019
d86a869
Merge branch 'master' into pwd-complexity
lunny Oct 11, 2019
26bc832
Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
T-M-A Oct 11, 2019
dab06db
Update modules/setting/setting.go
T-M-A Oct 11, 2019
bfb3793
Merge branch 'master' into pwd-complexity
lafriks Oct 11, 2019
48e2515
Merge branch 'master' into pwd-complexity
sapk Oct 11, 2019
e531c7d
Merge branch 'master' into pwd-complexity
T-M-A Oct 12, 2019
4eda987
Merge branch 'master' into pwd-complexity
lunny Oct 13, 2019
d20d9f7
Merge branch 'master' into pwd-complexity
lafriks Oct 14, 2019
b9b2cee
Merge branch 'master' into pwd-complexity
T-M-A Oct 14, 2019
19 changes: 10 additions & 9 deletions cmd/admin.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@ import (

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/oauth2"
"code.gitea.io/gitea/modules/generate"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log"
pwd "code.gitea.io/gitea/modules/password"
"code.gitea.io/gitea/modules/setting"

"github.com/urfave/cli"
Expand Down Expand Up @@ -233,7 +233,9 @@ func runChangePassword(c *cli.Context) error {
if err := initDB(); err != nil {
return err
}

if !pwd.IsComplexEnough(c.String("password")) {
return errors.New("Password does not meet complexity requirements")
}
uname := c.String("username")
user, err := models.GetUserByName(uname)
if err != nil {
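Review bot: `runChangePassword` now enforces complexity but still does not enforce `setting.MinPasswordLength`, which the web reset path checks with `auth.password_too_short`; an admin can therefore set a one-character password from the CLI that the web UI would reject. Add the length check next to `pwd.IsComplexEnough`. Also, because `IsComplexEnough` reads the loaded configuration, the check has to stay below `initDB()` (the reorder in `runCreateUser` further down in this file exists for the same reason); a short comment on that ordering would protect it from a later reshuffle.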
Expand All @@ -243,6 +245,7 @@ func runChangePassword(c *cli.Context) error {
return err
}
user.HashPassword(c.String("password"))

if err := models.UpdateUserCols(user, "passwd", "salt"); err != nil {
return err
}
Expand Down Expand Up @@ -275,26 +278,24 @@ func runCreateUser(c *cli.Context) error {
fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
}

var password string
if err := initDB(); err != nil {
return err
}

var password string
if c.IsSet("password") {
password = c.String("password")
} else if c.IsSet("random-password") {
var err error
password, err = generate.GetRandomString(c.Int("random-password-length"))
password, err = pwd.Generate(c.Int("random-password-length"))
if err != nil {
return err
}

fmt.Printf("generated random password is '%s'\n", password)
} else {
return errors.New("must set either password or random-password flag")
}

if err := initDB(); err != nil {
return err
}

// always default to true
var changePassword = true

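Review bot: in `runCreateUser` the explicit `--password` branch (`password = c.String("password")`) is never passed through `pwd.IsComplexEnough`, so the CLI can create a user with a password that `runChangePassword` in the same file would reject; only the `--random-password` branch is guaranteed to pass, because `pwd.Generate` loops until the check succeeds. Add the check after the if/else, before the user record is created. Moving `initDB()` above the password handling is required because `pwd.Generate` depends on the loaded settings; a comment saying so would keep someone from moving it back.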
5 changes: 4 additions & 1 deletion custom/conf/app.ini.sample
Expand Up @@ -332,6 +332,9 @@ MIN_PASSWORD_LENGTH = 6
IMPORT_LOCAL_PATHS = false
; Set to true to prevent all users (including admin) from creating custom git hooks
DISABLE_GIT_HOOKS = false
;Comma separated list of character classes required to pass minimum complexity.
;If left empty or no valid values are specified, the default values (`lower,upper,digit,spec`) will be used.
PASSWORD_COMPLEXITY = lower,upper,digit,spec
; Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt"
PASSWORD_HASH_ALGO = pbkdf2
; Set false to allow JavaScript to read CSRF cookie
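Review bot: the two new comment lines `;Comma separated list ...` and `;If left empty ...` omit the space after `;` that every other comment in this section uses (`; Set to true ...`). The comment also lists the default classes but not what `spec` covers; in this revision the matching set in modules/password/password.go is only `_` and `-`, so say that here, otherwise administrators will expect `!` or `@` to count toward the requirement.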
Expand Down Expand Up @@ -415,7 +418,7 @@ DEFAULT_ALLOW_CREATE_ORGANIZATION = true
; Public is for everyone
DEFAULT_ORG_VISIBILITY = public
; Default value for DefaultOrgMemberVisible
; True will make the membership of the users visible when added to the organisation
; True will make the membership of the users visible when added to the organisation
DEFAULT_ORG_MEMBER_VISIBLE = false
; Default value for EnableDependencies
; Repositories will use dependencies by default depending on this setting
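Review bot: the removed and added lines `; True will make the membership of the users visible when added to the organisation` render identically, so this is a whitespace-only change to a setting unrelated to password complexity; drop it from the PR (or restore the original bytes) to keep the diff focused.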
5 changes: 5 additions & 0 deletions docs/content/doc/advanced/config-cheat-sheet.en-us.md
Expand Up @@ -208,6 +208,11 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
- `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[pbkdf2, argon2, scrypt, bcrypt\].
- `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
- `PASSWORD_COMPLEXITY`: **lower,upper,digit,spec**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, the default values will be used. Possible values are:
- lower - use one or more lower latin characters
- upper - use one or more upper latin characters
- digit - use one or more digits
- spec - use one or more special characters as `-` or `_`.

## OpenID (`openid`)

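Review bot: the four lines `- lower ...`, `- upper ...`, `- digit ...` and `- spec ...` are not indented under the `PASSWORD_COMPLEXITY` item, so Markdown will render them as separate top-level entries in the settings list; indent them to nest under the setting. Wording: "lower latin characters" should read "lowercase Latin letters", "upper latin characters" should read "uppercase Latin letters", and "special characters as `-` or `_`" should read "special characters such as `-` or `_`". It would also help to state that each listed class requires at least one matching character, which is what the `[a-z]+`-style patterns in modules/setting/setting.go enforce.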
74 changes: 74 additions & 0 deletions modules/password/password.go
@@ -0,0 +1,74 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package password

import (
"crypto/rand"
"math/big"
"regexp"
"sync"

"code.gitea.io/gitea/modules/setting"
)

var matchComplexities = map[string]regexp.Regexp{}
var matchComplexityOnce sync.Once
var validChars string

var validComplexities = map[string]string{
"lower": "abcdefghijklmnopqrstuvwxyz",
"upper": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
"digit": "0123456789",
"spec": "_-",
}

// NewComplexity for preparation
func NewComplexity() {
matchComplexityOnce.Do(func() {
if len(setting.PasswordComplexity) > 0 {
for key, val := range setting.PasswordComplexity {
matchComplexity := regexp.MustCompile(val)
matchComplexities[key] = *matchComplexity
validChars += validComplexities[key]
}
} else {
for _, val := range validComplexities {
validChars += val
}
}
})
}

// IsComplexEnough return True if password is Complexity
func IsComplexEnough(pwd string) bool {
if len(setting.PasswordComplexity) > 0 {
NewComplexity()
for _, val := range matchComplexities {
if !val.MatchString(pwd) {
return false
}
}
}
return true
}

// Generate a random password
func Generate(n int) (string, error) {
NewComplexity()
buffer := make([]byte, n)
max := big.NewInt(int64(len(validChars)))
for {
for j := 0; j < n; j++ {
rnd, err := rand.Int(rand.Reader, max)
if err != nil {
return "", err
}
buffer[j] = validChars[rnd.Int64()]
}
if IsComplexEnough(string(buffer)) {
return string(buffer), nil
}
}
}
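Review bot: `Generate` can loop forever. The outer `for {` retries until `IsComplexEnough` passes, but when `n` is smaller than the number of configured classes (for example `Generate(3)` with the default four classes, or `Generate(0)`), no string of that length can satisfy every `[class]+` pattern, so the loop never exits; return an error up front when `n <= 0` or `n < len(matchComplexities)`. Two smaller points in the same file: `matchComplexities` is declared as `map[string]regexp.Regexp` and filled with `*matchComplexity`, copying the `regexp.Regexp` struct by value, which is unnecessary (and flagged by `go vet` on Go releases where `Regexp` carried a mutex); store `*regexp.Regexp` instead. And the doc comment `// IsComplexEnough return True if password is Complexity` should read `// IsComplexEnough returns true if the password contains at least one character from every configured class`.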
22 changes: 22 additions & 0 deletions modules/setting/setting.go
Expand Up @@ -146,6 +146,7 @@ var (
MinPasswordLength int
ImportLocalPaths bool
DisableGitHooks bool
PasswordComplexity map[string]string
PasswordHashAlgo string

// UI settings
Expand Down Expand Up @@ -774,6 +775,27 @@ func NewContext() {

InternalToken = loadInternalToken(sec)

var dictPC = map[string]string{
"lower": "[a-z]+",
"upper": "[A-Z]+",
"digit": "[0-9]+",
"spec": "[-_]+",
}
PasswordComplexity = make(map[string]string)
cfgdata := sec.Key("PASSWORD_COMPLEXITY").Strings(",")
for _, y := range cfgdata {
ts := strings.TrimSpace(y)
for a := range dictPC {
if strings.ToLower(ts) == a {
PasswordComplexity[ts] = dictPC[ts]
break
}
}
}
if len(PasswordComplexity) == 0 {
PasswordComplexity = dictPC
}

sec = Cfg.Section("attachment")
AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))
if !filepath.IsAbs(AttachmentPath) {
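Review bot: the loop matches case-insensitively (`strings.ToLower(ts) == a`) but then stores under the original spelling: `PasswordComplexity[ts] = dictPC[ts]`. For `PASSWORD_COMPLEXITY = Lower,Digit` this yields keys `Lower` and `Digit` with empty patterns, because `dictPC["Lower"]` does not exist, and an empty regular expression matches every string, so the class is silently disabled; the same mis-cased key finds nothing in `validComplexities` in modules/password/password.go, so generated passwords lose those characters as well, and if every configured key misses, `validChars` is empty and `rand.Int` panics on a zero bound. Use the canonical key on both sides: `PasswordComplexity[a] = dictPC[a]`. Secondly, the `spec` pattern `[-_]+` here and the `_-` alphabet in password.go are two copies of one definition; keep the class table in a single package so they cannot drift apart (the commit list already shows the special-character set being widened later).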
1 change: 1 addition & 0 deletions options/locale/locale_en-US.ini
Expand Up @@ -315,6 +315,7 @@ team_no_units_error = Allow access to at least one repository section.
email_been_used = The email address is already used.
openid_been_used = The OpenID address '%s' is already used.
username_password_incorrect = Username or password is incorrect.
password_complexity = Password does not pass complexity requirements.
enterred_invalid_repo_name = The repository name you entered is incorrect.
enterred_invalid_owner_name = The new owner name is not valid.
enterred_invalid_password = The password you entered is incorrect.
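Review bot: `password_complexity = Password does not pass complexity requirements.` tells the user nothing about which character classes are required, whereas `auth.password_too_short` is rendered with `setting.MinPasswordLength` so the user sees the actual limit; consider a placeholder for the configured classes. Also align the wording with the CLI error in cmd/admin.go (`Password does not meet complexity requirements`) so both paths report the same message.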
10 changes: 9 additions & 1 deletion routers/admin/users.go
Expand Up @@ -12,6 +12,7 @@ import (
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/password"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/routers"
"code.gitea.io/gitea/services/mailer"
Expand Down Expand Up @@ -94,7 +95,10 @@ func NewUserPost(ctx *context.Context, form auth.AdminCreateUserForm) {
u.LoginName = form.LoginName
}
}

if !password.IsComplexEnough(form.Password) {
ctx.RenderWithErr(ctx.Tr("form.password_complexity"), tplUserNew, &form)
return
}
if err := models.CreateUser(u); err != nil {
switch {
case models.IsErrUserAlreadyExist(err):
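Review bot: the new `ctx.RenderWithErr(ctx.Tr("form.password_complexity"), tplUserNew, &form)` branch does not set `ctx.Data["Err_Password"] = true`, which `ResetPasswdPost` in routers/user/auth.go does for the same error, so the admin form will show the message without highlighting the password field; set it before rendering (the same applies to the `EditUserPost` branch further down).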
Expand Down Expand Up @@ -201,6 +205,10 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
ctx.ServerError("UpdateUser", err)
return
}
if !password.IsComplexEnough(form.Password) {
ctx.RenderWithErr(ctx.Tr("form.password_complexity"), tplUserEdit, &form)
return
}
u.HashPassword(form.Password)
}

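Review bot: in `EditUserPost` the `password.IsComplexEnough` check sits after a step that can already fail with `ctx.ServerError("UpdateUser", err)` and only just before `u.HashPassword(form.Password)`; validate the submitted password at the top of the `form.Password` branch so a rejected value causes no server-side work first. The API counterpart `EditUser` in routers/api/v1/admin/user.go already runs the check before fetching a new salt.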
14 changes: 13 additions & 1 deletion routers/api/v1/admin/user.go
Expand Up @@ -6,9 +6,12 @@
package admin

import (
"errors"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/password"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/routers/api/v1/convert"
"code.gitea.io/gitea/routers/api/v1/user"
Expand Down Expand Up @@ -73,7 +76,11 @@ func CreateUser(ctx *context.APIContext, form api.CreateUserOption) {
if ctx.Written() {
return
}

if !password.IsComplexEnough(form.Password) {
err := errors.New("PasswordComplexity")
ctx.Error(400, "PasswordComplexity", err)
return
}
if err := models.CreateUser(u); err != nil {
if models.IsErrUserAlreadyExist(err) ||
models.IsErrEmailAlreadyUsed(err) ||
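Review bot: `errors.New("PasswordComplexity")` merely repeats the title passed to `ctx.Error(400, "PasswordComplexity", err)`, so an API client gets no explanation of what was wrong; use a descriptive message such as the one in cmd/admin.go (`Password does not meet complexity requirements`). The same four lines are duplicated in `EditUser` below; a small helper would keep the status code and message in one place.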
Expand Down Expand Up @@ -131,6 +138,11 @@ func EditUser(ctx *context.APIContext, form api.EditUserOption) {
}

if len(form.Password) > 0 {
if !password.IsComplexEnough(form.Password) {
err := errors.New("PasswordComplexity")
ctx.Error(400, "PasswordComplexity", err)
return
}
var err error
if u.Salt, err = models.GetUserSalt(); err != nil {
ctx.Error(500, "UpdateUser", err)
11 changes: 6 additions & 5 deletions routers/user/auth.go
Expand Up @@ -17,6 +17,7 @@ import (
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/password"
"code.gitea.io/gitea/modules/recaptcha"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
Expand Down Expand Up @@ -1320,6 +1321,11 @@ func ResetPasswdPost(ctx *context.Context) {
ctx.Data["Err_Password"] = true
ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplResetPassword, nil)
return
} else if !password.IsComplexEnough(passwd) {
ctx.Data["IsResetForm"] = true
ctx.Data["Err_Password"] = true
ctx.RenderWithErr(ctx.Tr("form.password_complexity"), tplResetPassword, nil)
return
}

var err error
Expand Down Expand Up @@ -1350,24 +1356,19 @@ func ResetPasswdPost(ctx *context.Context) {
func MustChangePassword(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/settings/change_password"

ctx.HTML(200, tplMustChangePassword)
}

// MustChangePasswordPost response for updating a user's password after his/her
// account was created by an admin
func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form auth.MustChangePasswordForm) {
ctx.Data["Title"] = ctx.Tr("auth.must_change_password")

ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/settings/change_password"

if ctx.HasError() {
ctx.HTML(200, tplMustChangePassword)
return
}

u := ctx.User

// Make sure only requests for users who are eligible to change their password via
// this method passes through
if !u.MustChangePassword {
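Review bot: this hunk only removes blank lines in `MustChangePassword` and `MustChangePasswordPost`; unrelated whitespace churn is best left out of the PR. More importantly, in the visible part of `MustChangePasswordPost` no `password.IsComplexEnough` check is added, even though this handler sets the replacement password for accounts created by an admin, exactly the case the new CLI and admin checks are meant to cover; if the check is not further down in the function, this path is missing it.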
3 changes: 3 additions & 0 deletions routers/user/setting/account.go
Expand Up @@ -13,6 +13,7 @@ import (
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/password"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/services/mailer"
Expand Down Expand Up @@ -52,6 +53,8 @@ func AccountPost(ctx *context.Context, form auth.ChangePasswordForm) {
ctx.Flash.Error(ctx.Tr("settings.password_incorrect"))
} else if form.Password != form.Retype {
ctx.Flash.Error(ctx.Tr("form.password_not_match"))
} else if !password.IsComplexEnough(form.Password) {
ctx.Flash.Error(ctx.Tr("settings.password_complexity"))
} else {
var err error
if ctx.User.Salt, err = models.GetUserSalt(); err != nil {
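Review bot: `ctx.Tr("settings.password_complexity")` looks up a key under `[settings]`, but the only locale key added in this PR is `password_complexity` next to `username_password_incorrect` (the `form` section, which every other call site uses via `form.password_complexity`); as written the flash message will render the raw key name. Either use `form.password_complexity` here as well or add the key under `[settings]` in options/locale/locale_en-US.ini.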