Add password blacklist "BADPASS.TXT" support. Using top 10k passowrds from https://github.com/danielmiessler/SecLists/ by default

2017-03-14 20:21:23 -06:00 · 2017-03-14 20:21:23 -06:00 · 8ca0c31fb8
parent f510fca656
commit 8ca0c31fb8
3 changed files with 10023 additions and 1 deletions
--- a/core/config.js
+++ b/core/config.js
@ -136,6 +136,7 @@ function getDefaultConfig() {

 			passwordMin			: 6,
 			passwordMax			: 128,
+			badPassFile			: paths.join(__dirname, '../misc/10_million_password_list_top_10000.txt'),	//	https://github.com/danielmiessler/SecLists

 			realNameMax			: 32,
 			locationMax			: 32,
--- a/core/system_view_validate.js
+++ b/core/system_view_validate.js
@ -4,6 +4,10 @@
 //	ENiGMA½
 const User		= require('./user.js');
 const Config	= require('./config.js').config;
+const Log		= require('./logger.js').log;
+
+//	deps
+const fs		= require('fs');

 exports.validateNonEmpty		= validateNonEmpty;
 exports.validateMessageSubject	= validateMessageSubject;
@ -98,5 +102,22 @@ function validateBirthdate(data, cb) {
 }

 function validatePasswordSpec(data, cb) {
-	return cb((!data || data.length < Config.users.passwordMin) ? new Error('Password too short') : null);
+	if(!data || data.length < Config.users.passwordMin) {
+		return cb(new Error('Password too short'));
+	}
+
+	//	check badpass, if avail
+	fs.readFile(Config.users.badPassFile, 'utf8', (err, passwords) => {
+		if(err) {
+			Log.warn( { error : err.message }, 'Cannot read bad pass file');
+			return cb(null);
+		}
+
+		passwords = passwords.toString().split(/\r\n|\n/g);
+		if(passwords.includes(data)) {
+			return cb(new Error('Password is too common'));
+		}
+
+		return cb(null);
+	});
 }
--- a/misc/10_million_password_list_top_10000.txt
+++ b/misc/10_million_password_list_top_10000.txt