aeecleclair · BLEMENT33 · Mar 16, 2024 · Mar 16, 2024 · Mar 16, 2024 · Mar 18, 2024
diff --git a/app/app.py b/app/app.py
@@ -1,5 +1,6 @@
 """File defining the Metadata. And the basic functions creating the database tables and calling the router"""
 
+import json
 import logging
 import uuid
 from collections.abc import AsyncGenerator, Awaitable, Callable
@@ -20,6 +21,7 @@
 from sqlalchemy.engine import Connection, Engine
 from sqlalchemy.exc import IntegrityError
 from sqlalchemy.orm import Session
+from zxcvbn.matching import add_frequency_lists
 
 from app import api
 from app.core import models_core
@@ -304,6 +306,16 @@ async def lifespan(app: FastAPI) -> AsyncGenerator:
     ):
         hyperion_error_logger.info("Redis client not configured")
 
+    # We add custom dictionnaries for password verification with zxcvb.
+    # Dictionnaries come from https://github.com/zxcvbn-ts/zxcvbn/tree/master/packages/languages
+    password_dicts: dict[str, list[str]] = {}
+    for password_dict_file in Path("assets/password_dict").glob("*/*"):
+        with Path.open(password_dict_file) as file:
+            password_dicts[
+                f"{password_dict_file.parts[-2]}_{password_dict_file.stem}"
+            ] = json.load(file)
+    add_frequency_lists(password_dicts)
+
     @app.middleware("http")
     async def logging_middleware(
         request: Request,

diff --git a/app/utils/validators.py b/app/utils/validators.py
@@ -1,3 +1,7 @@
+import re
+
+import zxcvbn
+
 """
 A collection of Pydantic validators
 See https://pydantic-docs.helpmanual.io/usage/validators/#reuse-validators
@@ -10,10 +14,21 @@
     This function is intended to be used as a Pydantic validator:
     https://pydantic-docs.helpmanual.io/usage/validators/#reuse-validators
     """
-    # TODO
-    if len(password) < 6:
-        raise ValueError("The password must be at least 6 characters long")
-    return password.strip()
+    password = password.strip()
+    if not re.fullmatch(
+        r"(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#$€%^&*\(\)_+\-.,.?\":\{\}|<>'/;\[\]]).*",
+        password,
+    ):
+        raise ValueError(
+            "The password must contain at least one number, one special character, one majuscule and one minuscule.",
+        )
+    result = zxcvbn.zxcvbn(password)
+    if not result["score"] == 4:
+        raise ValueError(
+            result["feedback"],
+        )
+
+    return password
 
 
 def email_normalizer(email: str) -> str:

diff --git a/assets/password_dict/fr/commonWords.json b/assets/password_dict/fr/commonWords.json
diff --git a/assets/password_dict/fr/firstnames.json b/assets/password_dict/fr/firstnames.json
diff --git a/assets/password_dict/fr/lastnames.json b/assets/password_dict/fr/lastnames.json
diff --git a/assets/password_dict/fr/wikipedia.json b/assets/password_dict/fr/wikipedia.json
diff --git a/requirements-common.txt b/requirements-common.txt
@@ -18,4 +18,5 @@ redis==5.0.7
 requests==2.32.3
 SQLAlchemy[asyncio]==2.0.31         # [asyncio] allows greenlet to be installed on Apple M1 devices.
 unidecode==1.3.8
-uvicorn[standard]==0.29.0
+uvicorn[standard]==0.29.0
+zxcvbn==4.4.28
diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -11,4 +11,5 @@ pytest==8.2.2
 ruff==0.4.8
 types-aiofiles==24.1.0.20240626
 types-redis==4.6.0.20240425
-types-requests==2.32.0.20240622
+types-requests==2.32.0.20240622
+types-zxcvbn==4.4.1.20240106
diff --git a/tests/test_users.py b/tests/test_users.py
@@ -26,7 +26,7 @@
 FABRISTPP_EMAIL_2 = "fabristpp.eclair3@ecl21.ec-lyon.fr"
 
 student_user_email = "student@etu.ec-lyon.fr"
-student_user_password = "password"
+student_user_password = "Password1!"
 
 
 @pytest_asyncio.fixture(scope="module", autouse=True)
@@ -162,7 +162,7 @@ def test_create_and_activate_user(mocker: MockerFixture, client: TestClient) ->
         "/users/activate",
         json={
             "activation_token": UNIQUE_TOKEN,
-            "password": "password",
+            "password": "eclair!AEECL69",
             "firstname": "firstname",
             "name": "name",
             "nickname": "nickname",
@@ -212,7 +212,7 @@ def test_recover_and_reset_password(mocker: MockerFixture, client: TestClient) -
 
     response = client.post(
         "/users/reset-password",
-        json={"reset_token": UNIQUE_TOKEN, "new_password": "new_password"},
+        json={"reset_token": UNIQUE_TOKEN, "new_password": "eclar!AEECL69"},
     )
 
     assert response.status_code == 201
@@ -302,7 +302,7 @@ def test_change_password(client: TestClient) -> None:
         json={
             "email": student_user_email,
             "old_password": student_user_password,
-            "new_password": "the_new_password",
+            "new_password": "pluseclair!AEECL69",
         },
         headers={"Authorization": f"Bearer {token_student_user}"},
     )