From rnew...@apache.org
Subject couch commit: updated refs/heads/password-strength to 0067d58
Date Wed, 12 Aug 2015 14:22:16 GMT
Repository: couchdb-couch
Updated Branches:
  refs/heads/password-strength [created] 0067d5842


Initial version of password strength enforcement


Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/0067d584
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/0067d584
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/0067d584

Branch: refs/heads/password-strength
Commit: 0067d584278245b8a117eed6493f72918fb01f31
Parents: 553ab08
Author: Robert Newson <rnewson@apache.org>
Authored: Wed Aug 12 15:21:53 2015 +0100
Committer: Robert Newson <rnewson@apache.org>
Committed: Wed Aug 12 15:21:53 2015 +0100

----------------------------------------------------------------------
 src/couch_passwords.erl | 12 ++++++++++++
 src/couch_users_db.erl  |  2 ++
 2 files changed, 14 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/0067d584/src/couch_passwords.erl
----------------------------------------------------------------------
diff --git a/src/couch_passwords.erl b/src/couch_passwords.erl
index b06a584..4b3e07b 100644
--- a/src/couch_passwords.erl
+++ b/src/couch_passwords.erl
@@ -23,6 +23,7 @@
 %% legacy scheme, not used for new passwords.
 -spec simple(binary(), binary()) -> binary().
 simple(Password, Salt) when is_binary(Password), is_binary(Salt) ->
+    validate_password(Password),
     ?l2b(couch_util:to_hex(crypto:sha(<<Password/binary, Salt/binary>>))).
 
 %% CouchDB utility functions
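Review bot: The new `validate_password(Password)` call is placed inside the hashing primitive `simple/2`, which the comment two lines above describes as a legacy scheme not used for new passwords, so the length check fires whenever that hash is computed — most likely when an existing legacy-hashed password is being checked — rather than when a password is set. The same applies to the call added in `pbkdf2/4` in the next hunk; a user whose stored password predates the `min_length` setting, or whose setting was later raised, would be rejected by a `forbidden` throw from inside the hash function, and that throw escapes callers that only expect a binary back (the `-spec` on the line above the call still promises `-> binary()`). The couch_users_db hunk documents the policy as an `Else If password is weak: throw forbidden` step of `before_doc_update`, which is where the check belongs: call `validate_password/1` once on the plaintext there before hashing, and keep `simple/2` and `pbkdf2/4` as pure hashing functions.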
@@ -78,6 +79,7 @@ pbkdf2(Password, Salt, Iterations, DerivedLength) when is_binary(Password),
                                                        is_integer(Iterations),
                                                        Iterations > 0,
                                                        is_integer(DerivedLength) ->
+    validate_password(Password),
     L = ceiling(DerivedLength / ?SHA1_OUTPUT_LENGTH),
     <<Bin:DerivedLength/binary,_/binary>> =
         iolist_to_binary(pbkdf2(Password, Salt, Iterations, L, 1, [])),
@@ -127,6 +129,16 @@ verify(X, Y) when is_list(X) and is_list(Y) ->
     end;
 verify(_X, _Y) -> false.
 
+validate_password(Password) when is_binary(Password) ->
+    MinLength = config:get_integer("passwords", "min_length", 3),
+    case byte_size(Password) < MinLength of
+        true ->
+            throw({forbidden, "Password is too short"});
+        false ->
+            ok
+    end.
+
+
 -spec ceiling(number()) -> integer().
 ceiling(X) ->
     T = erlang:trunc(X),

http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/0067d584/src/couch_users_db.erl
----------------------------------------------------------------------
diff --git a/src/couch_users_db.erl b/src/couch_users_db.erl
index 6f7b9af..822ec45 100644
--- a/src/couch_users_db.erl
+++ b/src/couch_users_db.erl
@@ -54,6 +54,8 @@ before_doc_update(Doc, #db{user_ctx = UserCtx} = Db) ->
 % If newDoc.password == null || newDoc.password == undefined:
 %   ->
 %   noop
+% Else If password is weak:
+%   throw forbidden
 % Else -> // calculate password hash server side
 %    newDoc.password_sha = hash_pw(newDoc.password + salt)
 %    newDoc.salt = salt

