IS_PASSWORD validator?

mr.freeze

Jun 11, 2009, 7:29:01 PM
to web2py Web Framework
Does anyone already have a validator built that has options for
enforcing various password complexity requirements? Just wondering
before I make one.

mdipierro

Jun 11, 2009, 9:00:03 PM
Do not make one. Add the feature to CRYPT. Client side there are
jQuery libraries that do what you need.

mr.freeze

Jun 15, 2009, 8:31:18 PM
I know you said not to make one but it felt wrong mixing with CRYPT.
I settled on IS_COMPLEX. With it you can do:
    db.mytable.myfield.requires = [IS_COMPLEX(min=10, max=20, upper=2,
        lower=2, number=1, special=2, specials="!@#$%^"), CRYPT()]

It will automatically generate the error message(s) based on the
reason(s) it failed.
Use 0 to disallow upper, lower, number or special characters.
Use 1 or greater for the minimum upper, lower, number or special
characters.
Use None to bypass checking of upper, lower, number or special
characters.

Let me know if you're interested in a patch. Otherwise, I'll just
post it here in case it helps someone.

import re


class IS_COMPLEX(object):
    """
    example:

    INPUT(_type='password', _name='passwd',
          requires=IS_COMPLEX(min=10, special=2, upper=2))

    enforces complexity requirements on a field
    """

    def __init__(self, min=8, max=20, upper=1, lower=1, number=1,
                 special=1, specials=r'~!@#$%^&*()_+-=?<>,.:;{}[]|',
                 error_message='Does not meet complexity requirements',
                 generate_errors=True):
        self.min = min
        self.max = max
        self.upper = upper
        self.lower = lower
        self.number = number
        self.special = special
        self.specials = specials
        self.error_message = error_message
        self.generate_errors = generate_errors

    def __call__(self, value):
        failures = []
        # Length limits: only checked when a positive int is given
        if type(self.min) == int and self.min > 0:
            if not len(value) >= self.min:
                failures.append("Minimum length is " + str(self.min))
        if type(self.max) == int and self.max > 0:
            if not len(value) <= self.max:
                failures.append("Maximum length is " + str(self.max))
        # For each character class: N > 0 is a minimum, 0 disallows the
        # class, and None (not an int) skips the check
        if type(self.special) == int:
            # One entry per character in self.specials, True if it occurs
            # in value: this counts distinct special characters
            all_special = [ch in value for ch in self.specials]
            if self.special > 0:
                if not all_special.count(True) >= self.special:
                    failures.append("Must include " + str(self.special) +
                                    " of the following : " + self.specials)
            else:
                if all_special.count(True) > 0:
                    failures.append("Cannot include any of the following : " +
                                    self.specials)
        if type(self.upper) == int:
            all_upper = re.findall("[A-Z]", value)
            if self.upper > 0:
                if not len(all_upper) >= self.upper:
                    failures.append("Must include " + str(self.upper) +
                                    " upper case")
            else:
                if len(all_upper) > 0:
                    failures.append("Cannot include upper case letters")
        if type(self.lower) == int:
            all_lower = re.findall("[a-z]", value)
            if self.lower > 0:
                if not len(all_lower) >= self.lower:
                    failures.append("Must include " + str(self.lower) +
                                    " lower case")
            else:
                if len(all_lower) > 0:
                    failures.append("Cannot include lower case letters")
        if type(self.number) == int:
            all_number = re.findall("[0-9]", value)
            if self.number > 0:
                if not len(all_number) >= self.number:
                    failures.append("Must include " + str(self.number) +
                                    " numbers")
            else:
                if len(all_number) > 0:
                    failures.append("Cannot include any numbers")
        if len(failures) == 0:
            return (value, None)
        if self.generate_errors:
            # Show every failed rule, one per line
            from gluon.html import XML
            return (value, XML('<br/>'.join(failures)))
        else:
            return (value, self.error_message)
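An added example, not part of the original thread and not web2py code: it shows why the complexity check has to come before CRYPT() in the `requires` list from the post above, since a check placed after hashing sees the digest instead of the password. It assumes validators run in list order with each one receiving the previous one's output; `complexity`, `hasher`, `run_chain` and the sample passwords are hypothetical stand-ins constructed for the illustration.

```python
import hashlib
import re

def complexity(min_len=10, upper=2):
    """Cut-down stand-in for the IS_COMPLEX validator posted above.
    upper=None bypasses the upper-case check, as in the post."""
    def validate(value):
        failures = []
        if len(value) < min_len:
            failures.append("Minimum length is %d" % min_len)
        if upper is not None and len(re.findall("[A-Z]", value)) < upper:
            failures.append("Must include %d upper case" % upper)
        return (value, "; ".join(failures) or None)
    return validate

def hasher(value):
    """Hypothetical stand-in for CRYPT(): replaces the value with a digest.
    Unsalted SHA-256 is used only to keep the example short."""
    return (hashlib.sha256(value.encode("utf-8")).hexdigest(), None)

def run_chain(validators, value):
    """Assumed chain behaviour: run validators in list order, feed each
    one the previous output, and stop at the first error."""
    for validator in validators:
        value, error = validator(value)
        if error is not None:
            return (value, error)
    return (value, None)

# Constructed sample inputs.
STRONG = "CorrectHorse42Staple"
WEAK = "abc"

def compare_orders():
    strict = complexity()                 # length and upper-case rules
    length_only = complexity(upper=None)  # length rule only
    return {
        # Policy sees the plaintext, then the accepted value is hashed.
        "check_then_hash_strong": run_chain([strict, hasher], STRONG),
        "check_then_hash_weak": run_chain([strict, hasher], WEAK),
        # Policy sees a lowercase hex digest: every password is rejected...
        "hash_then_check_strong": run_chain([hasher, strict], STRONG),
        # ...or, with a length-only policy, every password is accepted.
        "hash_then_check_weak": run_chain([hasher, length_only], WEAK),
    }

if __name__ == "__main__":
    for name, (value, error) in compare_orders().items():
        print(name, "->", "rejected: " + error if error else "accepted")
```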

mdipierro

Jun 15, 2009, 8:36:45 PM
OK, I will include this in web2py but probably merge it with CRYPT.
Any reason not to?

Massimo

mr.freeze

Jun 15, 2009, 8:43:25 PM
It just seems like validation and encryption should remain separate
but I will defer to your judgment.

mdipierro

Jun 15, 2009, 9:15:20 PM
Why? When would you use one without the other?

Massimo

mr.freeze

Jun 15, 2009, 9:28:21 PM
Two situations come to mind:
If you wanted to use a custom encryption method
If the field wasn't a password and didn't require encryption (our
organization has complexity requirements on usernames too)

mdipierro

Jun 15, 2009, 9:32:37 PM
OK. The second is a good point (the first one is not because you can
pass a custom hash algorithm to CRYPT).
I will keep it separate.

Massimo

mr.freeze

Jun 15, 2009, 10:31:14 PM
I sent you a patch.