Add password blacklist "BADPASS.TXT" support. Using top 10k passwords from https://github.com/danielmiessler/SecLists/ by default
parent
f510fca656
commit
8ca0c31fb8
|
@ -136,6 +136,7 @@ function getDefaultConfig() {
|
||||||
|
|
||||||
passwordMin : 6,
|
passwordMin : 6,
|
||||||
passwordMax : 128,
|
passwordMax : 128,
|
||||||
|
badPassFile : paths.join(__dirname, '../misc/10_million_password_list_top_10000.txt'), // https://github.com/danielmiessler/SecLists
|
||||||
|
|
||||||
realNameMax : 32,
|
realNameMax : 32,
|
||||||
locationMax : 32,
|
locationMax : 32,
|
||||||
|
|
|
@ -4,6 +4,10 @@
|
||||||
// ENiGMA½
|
// ENiGMA½
|
||||||
const User = require('./user.js');
|
const User = require('./user.js');
|
||||||
const Config = require('./config.js').config;
|
const Config = require('./config.js').config;
|
||||||
|
const Log = require('./logger.js').log;
|
||||||
|
|
||||||
|
// deps
|
||||||
|
const fs = require('fs');
|
||||||
|
|
||||||
exports.validateNonEmpty = validateNonEmpty;
|
exports.validateNonEmpty = validateNonEmpty;
|
||||||
exports.validateMessageSubject = validateMessageSubject;
|
exports.validateMessageSubject = validateMessageSubject;
|
||||||
|
@ -98,5 +102,22 @@ function validateBirthdate(data, cb) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function validatePasswordSpec(data, cb) {
|
function validatePasswordSpec(data, cb) {
|
||||||
return cb((!data || data.length < Config.users.passwordMin) ? new Error('Password too short') : null);
|
if(!data || data.length < Config.users.passwordMin) {
|
||||||
|
return cb(new Error('Password too short'));
|
||||||
|
}
|
||||||
|
|
||||||
|
// check badpass, if avail
|
||||||
|
fs.readFile(Config.users.badPassFile, 'utf8', (err, passwords) => {
|
||||||
|
if(err) {
|
||||||
|
Log.warn( { error : err.message }, 'Cannot read bad pass file');
|
||||||
|
return cb(null);
|
||||||
|
}
|
||||||
|
|
||||||
|
passwords = passwords.toString().split(/\r\n|\n/g);
|
||||||
|
if(passwords.includes(data)) {
|
||||||
|
return cb(new Error('Password is too common'));
|
||||||
|
}
|
||||||
|
|
||||||
|
return cb(null);
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
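Review bot: The bad-password check added to validatePasswordSpec reads and splits the whole list on every validation and then does a linear `includes` scan, and when the read fails it accepts the password after only a warning. A wrong `badPassFile` path therefore disables the check silently, apart from a log line on every call. Loading the list once into a `Set` keeps the lookup cheap, and if fail-open is intended the comment should say so, e.g. `// check badpass, if avail; an unreadable list skips this check`. The match is exact, so case variants of listed entries presumably pass; confirm that is intended. `passwords.toString()` is redundant because the `'utf8'` encoding already yields a string.

```javascript
let badPasswords;   // Set of known-bad passwords, filled on the first successful read

function validatePasswordSpec(data, cb) {
    // … unchanged: passwordMin length check …

    if(badPasswords) {
        return cb(badPasswords.has(data) ? new Error('Password is too common') : null);
    }

    fs.readFile(Config.users.badPassFile, 'utf8', (err, passwords) => {
        if(err) {
            // … unchanged: Log.warn and cb(null) …
        }

        badPasswords = new Set(passwords.split(/\r\n|\n/g));
        return cb(badPasswords.has(data) ? new Error('Password is too common') : null);
    });
}
```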
File diff suppressed because it is too large