

Add password blacklist
carlbennett committed Dec 28, 2019
1 parent e010ad8 commit aaa2820
Showing 7 changed files with 56 additions and 7 deletions.
14 changes: 14 additions & 0 deletions etc/config.sample.json
Expand Up @@ -27,6 +27,20 @@
},
"server_update_job_token": null,
"user_login_disabled": false,
"user_password_blacklist": [
{
"password": "123456",
"reason": "This password is too simple and well known."
},
{
"password": "correcthorsebatterystaple",
"reason": "This is a bad password because it's well known. Don't take advice from a web comic too seriously."
},
{
"password": "password",
"reason": "This password is too simple and well known."
}
],
"user_password_pepper": "bnetdocs-INSERTRANDOMVALUEHERE",
"user_register_disabled": false,
"user_register_requirements": {
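Review bot: The sample blacklist gives operators no hint of how entries are matched, and JSON carries no comments, so the semantics should be documented alongside the config (README or config docs): the controllers compare the whole password against each `password` value after lower-casing both, so an entry of `"password"` does not stop `"password1"` or `"Password!"`. A three-entry sample is fine as an illustration, but the docs should make clear the list is meant to be extended and that only exact (case-folded) matches are rejected. The `reason` text is shown to the user on rejection, so the docs should also say it is user-visible.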
8 changes: 8 additions & 0 deletions src/controllers/User/ChangePassword.php
Expand Up @@ -64,6 +64,14 @@ protected function tryChangePassword(
$model->error = "PASSWORD_INCORRECT";
return;
}
$blacklist = Common::$config->bnetdocs->user_password_blacklist;
foreach ($blacklist as $blacklist_pw) {
if (strtolower($blacklist_pw->password) == strtolower($pw2)) {
$model->error = "PASSWORD_BLACKLIST";
$model->error_extra = $blacklist_pw->reason;
return;
}
}
$old_password_hash = Authentication::$user->getPasswordHash();
$old_password_salt = Authentication::$user->getPasswordSalt();
try {
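Review bot: The comparison `strtolower($blacklist_pw->password) == strtolower($pw2)` uses loose `==`, and PHP compares two numeric strings numerically, so a blacklist entry like `"123456"` also rejects `"0123456"` or `"123456.0"`; a strict comparison such as `if (strcasecmp($blacklist_pw->password, $pw2) === 0) {` keeps the intended ASCII case-folding without the numeric coercion. The loop also assumes `user_password_blacklist` is present in the loaded config; on an older config file the property is missing and `foreach` over `null` emits a warning and silently skips the check, so `$blacklist = Common::$config->bnetdocs->user_password_blacklist ?? [];` would make the absence explicit and quiet. The same loop appears verbatim in the first hunk of src/controllers/User/Register.php, so a single shared helper (e.g. on a password-policy class) would keep the two in sync. tryChangePassword begins and ends outside this hunk.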
23 changes: 16 additions & 7 deletions src/controllers/User/Register.php
Expand Up @@ -131,6 +131,14 @@ protected function tryRegister(Router &$router, UserRegisterModel &$model) {
$model->error = "PASSWORD_TOO_SHORT";
return;
}
$blacklist = Common::$config->bnetdocs->user_password_blacklist;
foreach ($blacklist as $blacklist_pw) {
if (strtolower($blacklist_pw->password) == strtolower($pw1)) {
$model->error = "PASSWORD_BLACKLIST";
$model->error_extra = $blacklist_pw->reason;
return;
}
}
if (Common::$config->bnetdocs->user_register_disabled) {
$model->error = "REGISTER_DISABLED";
return;
Expand Down Expand Up @@ -180,14 +188,15 @@ protected function tryRegister(Router &$router, UserRegisterModel &$model) {
Logger::logEvent(
EventTypes::USER_CREATED,
$user_id,
getenv("REMOTE_ADDR"),
getenv('REMOTE_ADDR'),
json_encode([
"error" => $model->error,
"requirements" => $req,
"email" => $email,
"username" => $username,
"display_name" => null,
"options_bitmask" => 0,
'error' => $model->error,
'error_extra' => $model->error_extra,
'requirements' => $req,
'email' => $email,
'username' => $username,
'display_name' => null,
'options_bitmask' => 0,
])
);

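Review bot: In the second hunk, adding `'error_extra' => $model->error_extra` to the USER_CREATED log payload looks like it will always record `null`: the blacklist branch in the first hunk returns before reaching this point, and if the other error paths do likewise (they are outside the hunk, so this is inferred), neither `error` nor `error_extra` can be set when the event fires. If the intent is to log rejected registrations, the blacklist hit would need its own log call at the point of rejection; otherwise the field could be dropped from this payload. The quote normalisation in the same hunk is fine. tryRegister begins and ends outside this hunk.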
5 changes: 5 additions & 0 deletions src/models/User/ChangePassword.php
Expand Up @@ -6,4 +6,9 @@

class ChangePassword extends Model {

public $csrf_id;
public $csrf_token;
public $error;
public $error_extra;

}
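Review bot: The new `public $error_extra;` carries no type or documentation, and the same untyped property is added to src/models/User/Register.php; the templates rely on it being `null` or a string and test it with `empty()`, so that contract should be stated on the property, e.g. `/** @var string|null Operator-supplied reason shown when error is PASSWORD_BLACKLIST; null otherwise. */`. If the project targets PHP 7.4 or later, `public ?string $error_extra = null;` would make the default explicit instead of relying on an uninitialised property reading as `null`.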
4 changes: 4 additions & 0 deletions src/models/User/Register.php
Expand Up @@ -6,7 +6,11 @@

class Register extends Model {

public $csrf_id;
public $csrf_token;
public $email;
public $error;
public $error_extra;
public $recaptcha;
public $username;
public $username_max_len;
4 changes: 4 additions & 0 deletions src/templates/User/ChangePassword.phtml
Expand Up @@ -23,6 +23,10 @@ switch ($this->getContext()->error) {
case "PASSWORD_INCORRECT":
$message = "You did not enter your correct current password.";
break;
case "PASSWORD_BLACKLIST":
$message = $this->getContext()->error_extra;
if (empty($message)) $message = "The new password is blacklisted.";
break;
case "INTERNAL_ERROR":
$message = "An internal error occurred while processing your request. "
. "Our staff have been notified of the issue. Try again later.";
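Review bot: The `PASSWORD_BLACKLIST` case is the first branch in this switch where `$message` comes from configuration (`error_extra`) rather than a string literal, and the same applies to the new case in src/templates/User/Register.phtml; where `$message` is echoed (outside this hunk) the existing literals never needed escaping, so that output site should be checked and, if it does not already do so, pass the value through `htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` so the config text is rendered as text. The `empty($message)` fallback also treats a reason of `"0"` as absent; `$message === null || $message === ''` would be the precise check, though the practical impact is small. The enclosing switch starts and ends outside this hunk.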
5 changes: 5 additions & 0 deletions src/templates/User/Register.phtml
Expand Up @@ -61,6 +61,11 @@ switch ($this->getContext()->error) {
$af = "pw1";
$message = "The password is too short, use a better password.";
break;
case "PASSWORD_BLACKLIST":
$af = "pw1";
$message = $this->getContext()->error_extra;
if (empty($message)) $message = "The password is blacklisted.";
break;
case "REGISTER_DISABLED":
$af = null;
$message = "Creating accounts has been administratively disabled "

