Modifies CmdUnconnectedCreate, CmdPassword and CmdNewPassword to use Django password validation before modification.

Johnny 2018-09-20 21:29:56 +00:00
parent c8c9e831ee
commit e5828024e2
3 changed files with 30 additions and 9 deletions


@ -627,10 +627,16 @@ class CmdPassword(COMMAND_DEFAULT_CLASS):
return return
oldpass = self.lhslist[0] # Both of these are oldpass = self.lhslist[0] # Both of these are
newpass = self.rhslist[0] # already stripped by parse() newpass = self.rhslist[0] # already stripped by parse()
# Validate password
validated, error = account.validate_password(newpass)
if not account.check_password(oldpass): if not account.check_password(oldpass):
self.msg("The specified old password isn't correct.") self.msg("The specified old password isn't correct.")
elif len(newpass) < 3: elif not validated:
self.msg("Passwords must be at least three characters long.") errors = [e for suberror in error.messages for e in error.messages]
string = "\n".join(errors)
self.msg(string)
else: else:
account.set_password(newpass) account.set_password(newpass)
account.save() account.save()
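Review bot: The comprehension on the `errors = [...]` line iterates `error.messages` in both `for` clauses and never uses `suberror`, so with N validation messages the player is shown each message N times. Django's `ValidationError.messages` is already a flat list of strings, so `self.msg("\n".join(error.messages))` would be enough. The same line is repeated in the CmdNewPassword and CmdUnconnectedCreate sections of this commit and needs the same change there. The enclosing method starts before this hunk and may continue after it.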


@ -428,12 +428,23 @@ class CmdNewPassword(COMMAND_DEFAULT_CLASS):
account = caller.search_account(self.lhs) account = caller.search_account(self.lhs)
if not account: if not account:
return return
account.set_password(self.rhs)
newpass = self.rhs
# Validate password
validated, error = account.validate_password(newpass)
if not validated:
errors = [e for suberror in error.messages for e in error.messages]
string = "\n".join(errors)
caller.msg(string)
return
account.set_password(newpass)
account.save() account.save()
self.msg("%s - new password set to '%s'." % (account.name, self.rhs)) self.msg("%s - new password set to '%s'." % (account.name, newpass))
if account.character != caller: if account.character != caller:
account.msg("%s has changed your password to '%s'." % (caller.name, account.msg("%s has changed your password to '%s'." % (caller.name,
self.rhs)) newpass))
class CmdPerm(COMMAND_DEFAULT_CLASS): class CmdPerm(COMMAND_DEFAULT_CLASS):
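Review bot: The two confirmation messages after `account.save()` still interpolate the plaintext `newpass`, so the freshly validated password is written to the admin's output and to the target account's output, and from there presumably into any client or server logging of session traffic. Consider reporting only that the change happened, e.g. `self.msg("%s - new password set." % account.name)` and `account.msg("%s has changed your password." % caller.name)`, and passing the value to the user out of band. The enclosing method begins outside this hunk.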


@ -294,10 +294,14 @@ class CmdUnconnectedCreate(COMMAND_DEFAULT_CLASS):
string = "\n\r That name is reserved. Please choose another Accountname." string = "\n\r That name is reserved. Please choose another Accountname."
session.msg(string) session.msg(string)
return return
if not re.findall(r"^[\w. @+\-']+$", password) or not (3 < len(password)):
string = "\n\r Password should be longer than 3 characters. Letters, spaces, digits and @/./+/-/_/' only." \ # Validate password
"\nFor best security, make it longer than 8 characters. You can also use a phrase of" \ Account = utils.class_from_module(settings.BASE_ACCOUNT_TYPECLASS)
"\nmany words if you enclose the password in double quotes." # Have to create a dummy Account object to check username similarity
valid, error = Account.validate_password(password, account=Account(username=accountname))
if error:
errors = [e for suberror in error.messages for e in error.messages]
string = "\n".join(errors)
session.msg(string) session.msg(string)
return return
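Review bot: The branch tests `if error:` and never reads `valid`, while the other two commands in this commit branch on the boolean. Using `if not valid:` here would keep the three consistent and would not depend on what `validate_password` returns as its second element on success (its body is not shown). The inline length and character-set check is also gone, so the minimum password strength at account creation is now whatever the configured Django validators enforce. If the validator list in settings is empty, presumably any string is accepted, which deserves a comment or a documented default. The enclosing method starts before this hunk and may continue after it.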