Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/archinstall
diff options
context:
space:
mode:
authorDaniel Girtler <blackrabbit256@gmail.com>2022-06-06 21:04:50 +1000
committerGitHub <noreply@github.com>2022-06-06 13:04:50 +0200
commitf2492ca574448fe4bd44604316da322720e70040 (patch)
tree5f4a19e0b99af201677312e28b1ab7ed196d518f /archinstall
parent32442ac7f36d71f0ba0d10bb5db19afa4a099e23 (diff)
Fix #1304 - Make password validation less intrusive (#1308)
* Make password validation less intrusive * Update Co-authored-by: Daniel Girtler <girtler.daniel@gmail.com>
Diffstat (limited to 'archinstall')
-rw-r--r--archinstall/lib/models/password_strength.py85
-rw-r--r--archinstall/lib/models/users.py7
-rw-r--r--archinstall/lib/user_interaction/utils.py32
3 files changed, 97 insertions, 27 deletions
diff --git a/archinstall/lib/models/password_strength.py b/archinstall/lib/models/password_strength.py
new file mode 100644
index 00000000..61986bf0
--- /dev/null
+++ b/archinstall/lib/models/password_strength.py
@@ -0,0 +1,85 @@
+from enum import Enum
+
+
+class PasswordStrength(Enum):
+ VERY_WEAK = 'very weak'
+ WEAK = 'weak'
+ MODERATE = 'moderate'
+ STRONG = 'strong'
+
+ @property
+ def value(self):
+ match self:
+ case PasswordStrength.VERY_WEAK: return str(_('very weak'))
+ case PasswordStrength.WEAK: return str(_('weak'))
+ case PasswordStrength.MODERATE: return str(_('moderate'))
+ case PasswordStrength.STRONG: return str(_('strong'))
+
+ def color(self):
+ match self:
+ case PasswordStrength.VERY_WEAK: return 'red'
+ case PasswordStrength.WEAK: return 'red'
+ case PasswordStrength.MODERATE: return 'yellow'
+ case PasswordStrength.STRONG: return 'green'
+
+ @classmethod
+ def strength(cls, password: str) -> 'PasswordStrength':
+ digit = any(character.isdigit() for character in password)
+ upper = any(character.isupper() for character in password)
+ lower = any(character.islower() for character in password)
+ symbol = any(not character.isalnum() for character in password)
+ return cls._check_password_strength(digit, upper, lower, symbol, len(password))
+
+ @classmethod
+ def _check_password_strength(
+ cls,
+ digit: bool,
+ upper: bool,
+ lower: bool,
+ symbol: bool,
+ length: int
+ ) -> 'PasswordStrength':
+ # suggested evaluation
+ # https://github.com/archlinux/archinstall/issues/1304#issuecomment-1146768163
+ if digit and upper and lower and symbol:
+ match length:
+ case num if 13 <= num:
+ return PasswordStrength.STRONG
+ case num if 11 <= num <= 12:
+ return PasswordStrength.MODERATE
+ case num if 7 <= num <= 10:
+ return PasswordStrength.WEAK
+ case num if num <= 6:
+ return PasswordStrength.VERY_WEAK
+ elif digit and upper and lower:
+ match length:
+ case num if 14 <= num:
+ return PasswordStrength.STRONG
+ case num if 11 <= num <= 13:
+ return PasswordStrength.MODERATE
+ case num if 7 <= num <= 10:
+ return PasswordStrength.WEAK
+ case num if num <= 6:
+ return PasswordStrength.VERY_WEAK
+ elif upper and lower:
+ match length:
+ case num if 15 <= num:
+ return PasswordStrength.STRONG
+ case num if 12 <= num <= 14:
+ return PasswordStrength.MODERATE
+ case num if 7 <= num <= 11:
+ return PasswordStrength.WEAK
+ case num if num <= 6:
+ return PasswordStrength.VERY_WEAK
+ elif lower or upper:
+ match length:
+ case num if 18 <= num:
+ return PasswordStrength.STRONG
+ case num if 14 <= num <= 17:
+ return PasswordStrength.MODERATE
+ case num if 9 <= num <= 13:
+ return PasswordStrength.WEAK
+ case num if num <= 8:
+ return PasswordStrength.VERY_WEAK
+
+ return PasswordStrength.VERY_WEAK
diff --git a/archinstall/lib/models/users.py b/archinstall/lib/models/users.py
index a3057291..f72cabde 100644
--- a/archinstall/lib/models/users.py
+++ b/archinstall/lib/models/users.py
@@ -1,6 +1,8 @@
from dataclasses import dataclass
from typing import Dict, List, Union, Any, TYPE_CHECKING
+from .password_strength import PasswordStrength
+
if TYPE_CHECKING:
_: Any
@@ -25,8 +27,9 @@ class User:
}
def display(self) -> str:
- password = '*' * len(self.password)
- return f'{_("Username")}: {self.username:16} {_("Password")}: {password:16} sudo: {str(self.sudo)}'
+ strength = PasswordStrength.strength(self.password)
+ password = '*' * len(self.password) + f' ({strength.value})'
+ return f'{_("Username")}: {self.username:16} {_("Password")}: {password:20} sudo: {str(self.sudo)}'
@classmethod
def _parse(cls, config_users: List[Dict[str, Any]]) -> List['User']:
diff --git a/archinstall/lib/user_interaction/utils.py b/archinstall/lib/user_interaction/utils.py
index fa079bc2..7ee6fc07 100644
--- a/archinstall/lib/user_interaction/utils.py
+++ b/archinstall/lib/user_interaction/utils.py
@@ -7,6 +7,7 @@ import time
from typing import Any, Optional, TYPE_CHECKING
from ..menu import Menu
+from ..models.password_strength import PasswordStrength
from ..output import log
if TYPE_CHECKING:
@@ -16,42 +17,23 @@ if TYPE_CHECKING:
SIG_TRIGGER = None
-def check_password_strong(passwd: str) -> bool:
- symbol_count = 0
- if any(character.isdigit() for character in passwd):
- symbol_count += 10
- if any(character.isupper() for character in passwd):
- symbol_count += 26
- if any(character.islower() for character in passwd):
- symbol_count += 26
- if any(not character.isalnum() for character in passwd):
- symbol_count += 40
-
- if symbol_count**len(passwd) < 10e20:
- prompt = str(_("The password you are using seems to be weak, are you sure you want to use it?"))
- choice = Menu(prompt, Menu.yes_no(), default_option=Menu.yes()).run()
- return choice.value == Menu.yes()
-
- return True
-
-
def get_password(prompt: str = '') -> Optional[str]:
if not prompt:
prompt = _("Enter a password: ")
- while passwd := getpass.getpass(prompt):
- if len(passwd.strip()) <= 0:
+ while password := getpass.getpass(prompt):
+ if len(password.strip()) <= 0:
break
- if not check_password_strong(passwd):
- continue
+ strength = PasswordStrength.strength(password)
+ log(f'Password strength: {strength.value}', fg=strength.color())
passwd_verification = getpass.getpass(prompt=_('And one more time for verification: '))
- if passwd != passwd_verification:
+ if password != passwd_verification:
log(' * Passwords did not match * ', fg='red')
continue
- return passwd
+ return password
return None