diff options
| author | Dylan William Hardison <dylan@hardison.net> | 2017-09-15 20:30:40 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-09-15 20:30:40 +0200 |
| commit | e9adcde4648b54db8d40f314ca938dca5080bb9c (patch) | |
| tree | bd826aa5f5857e063d575fec1ec16068712edd4a /Bugzilla/Config | |
| parent | 06c57b6e475767923f8294cf93fd746d45f3dc6f (diff) | |
| download | bugzilla-e9adcde4648b54db8d40f314ca938dca5080bb9c.tar.gz bugzilla-e9adcde4648b54db8d40f314ca938dca5080bb9c.tar.xz | |
Bug 1391702 - Replace Bugzilla::User::validate_password() with calls to Data::Password::passwdqc
Diffstat (limited to 'Bugzilla/Config')
| -rw-r--r-- | Bugzilla/Config/Auth.pm | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/Bugzilla/Config/Auth.pm b/Bugzilla/Config/Auth.pm index dddedd819..58a3d3cd7 100644 --- a/Bugzilla/Config/Auth.pm +++ b/Bugzilla/Config/Auth.pm @@ -12,6 +12,8 @@ use strict; use warnings; use Bugzilla::Config::Common; +use Types::Standard qw(Tuple Maybe); +use Types::Common::Numeric qw(PositiveInt); our $sortkey = 300; @@ -119,6 +121,42 @@ sub get_param_list { type => 'b', default => '1' }, + + { + name => 'passwdqc_min', + type => 't', + default => 'undef, 24, 11, 8, 7', + checker => \&_check_passwdqc_min, + }, + + { + name => 'passwdqc_max', + type => 't', + default => '40', + checker => \&_check_passwdqc_max, + }, + + { + name => 'passwdqc_passphrase_words', + type => 't', + default => '3', + checker => \&check_numeric, + }, + + { + name => 'passwdqc_match_length', + type => 't', + default => '4', + checker => \&check_numeric, + }, + + { + name => 'passwdqc_random_bits', + type => 't', + default => '47', + checker => \&_check_passwdqc_random_bits, + }, + { name => 'auth_delegation', type => 'b', @@ -149,4 +187,51 @@ sub get_param_list { return @param_list; } +my $passwdqc_min = Tuple[ + Maybe[PositiveInt], + Maybe[PositiveInt], + Maybe[PositiveInt], + Maybe[PositiveInt], + Maybe[PositiveInt], +]; + +sub _check_passwdqc_min { + my ($value) = @_; + my @values = map { $_ eq 'undef' ? undef : $_ } split( /\s*,\s*/, $value ); + + unless ( $passwdqc_min->check( \@values ) ) { + return "must be list of five values, that are either integers > 0 or undef"; + } + + my ( $max, $max_pos ); + my $pos = 0; + foreach my $value (@values) { + if ( defined $max && defined $value ) { + if ( $value > $max ) { + return "Int$pos is larger than Int$max_pos ($max)"; + } + } + elsif ( defined $value ) { + $max = $value; + $max_pos = $pos; + } + $pos++; + } + return ""; +} + +sub _check_passwdqc_max { + my ($value) = @_; + return "must be a positive integer" unless PositiveInt->check($value); + return "must be greater than 8" unless $value > 8; + return ""; +} + +sub _check_passwdqc_random_bits { + my ($value) = @_; + return "must be a positive integer" unless PositiveInt->check($value); + return "must be between 24 and 85 inclusive" unless $value >= 24 && $value <= 85; + return ""; +} + 1; |