force strong password

password must be 8 characters , containing at least 1 :
Capital letter
Small letter
symbol
number
SOFTARCH2022S-ZAYID-478
SayidCali jamac 2022-06-14 09:20:24 +03:00
parent fde3be4c23
commit 8441d4ed51
2 changed files with 52 additions and 5 deletions

View File

@ -1,9 +1,47 @@
from flask import * from flask import *
from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password
import re
# 初始化蓝图 # 初始化蓝图
accountService = Blueprint("accountService", __name__) accountService = Blueprint("accountService", __name__)
def password_check(password):
"""
Verify the strength of 'password'
Returns a dict indicating the wrong criteria
A password is considered strong if:
8 characters length or more
1 digit or more
1 symbol or more
1 uppercase letter or more
1 lowercase letter or more
"""
# calculating the length
length_error = len(password) < 8
# searching for digits
digit_error = re.search(r"\d", password) is None
# searching for uppercase
uppercase_error = re.search(r"[A-Z]", password) is None
# searching for lowercase
lowercase_error = re.search(r"[a-z]", password) is None
# searching for symbols
symbol_error = re.search(r"\W", password) is None
# overall result
password_ok = not ( length_error or digit_error or uppercase_error or lowercase_error or symbol_error )
return {
'password_ok' : password_ok,
'length_error' : length_error,
'digit_error' : digit_error,
'uppercase_error' : uppercase_error,
'lowercase_error' : lowercase_error,
'symbol_error' : symbol_error,
}
### Sign-up, login, logout ### ### Sign-up, login, logout ###
@accountService.route("/signup", methods=['GET', 'POST']) @accountService.route("/signup", methods=['GET', 'POST'])
@ -19,13 +57,22 @@ def signup():
# POST方法需判断是否注册成功再根据结果返回不同的内容 # POST方法需判断是否注册成功再根据结果返回不同的内容
username = escape(request.form['username']) username = escape(request.form['username'])
password = escape(request.form['password']) password = escape(request.form['password'])
passwordCheck = password_check(password=password)
is_password_ok = passwordCheck['password_ok']
length_error = 'At Least 8 Characters Required , ' if passwordCheck['length_error'] == True else ''
digit_error = 'At Least 1 Number Required , ' if passwordCheck['digit_error'] == True else ''
uppercase_error = 'At Least 1 Upper Case Letter Required , ' if passwordCheck['uppercase_error'] == True else ''
lowercase_error ='At Least 1 Lower Case Letter Required , 'if passwordCheck['lowercase_error'] == True else ''
symbol_error = 'At Least 1 Sysmbol Required' if passwordCheck['symbol_error'] == True else ''
password_errors = length_error + digit_error + uppercase_error + lowercase_error + symbol_error
available = check_username_availability(username) available = check_username_availability(username)
print(password_errors)
if not available: # 用户名不可用 if not available: # 用户名不可用
flash('用户名 %s 已经被注册。' % (username)) flash('用户名 %s 已经被注册。' % (username))
return render_template('signup.html') return render_template('signup.html')
elif len(password.strip()) < 4: # 密码过短 elif not is_password_ok: # 密码过短
return '密码过于简单。' flash (password_errors)
return render_template('signup.html')
else: # 添加账户信息 else: # 添加账户信息
add_user(username, password) add_user(username, password)
verified = verify_user(username, password) verified = verify_user(username, password)

View File

@ -11,7 +11,7 @@ You're logged in already! <a href="/logout">Logout</a>.
<form action="/signup" method="POST"> <form action="/signup" method="POST">
<p><input type="username" name="username" placeholder="邮箱地址、电话号码" required="required"></p> <p><input type="username" name="username" placeholder="邮箱地址、电话号码" required="required"></p>
<p><input type="password" name="password" placeholder="密码"></p> <p><input required type="password" name="password" placeholder="密码"></p>
<p><input type="submit" value="注册"></p> <p><input type="submit" value="注册"></p>
</form> </form>
{% endif %} {% endif %}