Add the "password strength" check
authorFelix Dörre <felix@dogcraft.de>
Mon, 23 Jun 2014 21:05:33 +0000 (23:05 +0200)
committerFelix Dörre <felix@dogcraft.de>
Mon, 23 Jun 2014 23:17:04 +0000 (01:17 +0200)
src/org/cacert/gigi/pages/main/Signup.java
src/org/cacert/gigi/util/PasswordStrengthChecker.java [new file with mode: 0644]

index 4c44c37fe4a59a9e0e4054f3aa714735d3d4b1c4..cad5d1417ac2c535d2207c426285e12af0e1b9c3 100644 (file)
@@ -21,6 +21,7 @@ import org.cacert.gigi.output.Template;
 import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.util.EmailChecker;
 import org.cacert.gigi.util.HTMLEncoder;
+import org.cacert.gigi.util.PasswordStrengthChecker;
 
 public class Signup {
        User buildup = new User();
@@ -117,7 +118,15 @@ public class Signup {
                        outputError(out, req, "Pass Phrases don't match");
                        failed = true;
                }
-               // TODO check password strength
+               int pwpoints = PasswordStrengthChecker.checkpw(pw1, buildup);
+               if (pwpoints < 3) {
+                       outputError(
+                                       out,
+                                       req,
+                                       "The Pass Phrase you submitted failed to contain enough"
+                                                       + " differing characters and/or contained words from"
+                                                       + " your name and/or email address.");
+               }
                if (failed) {
                        out.println("</div>");
                        return false;
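Review bot: The new `pwpoints < 3` branch prints the error but never sets `failed`, unlike the mismatch branch directly above it, so when no earlier check failed the `if (failed)` return that follows is skipped and, as far as the hunk shows, signup continues with a pass phrase that scored too low. Add `failed = true;` after the `outputError(...)` call. `checkpw` also calls `pw.length()` without a null check; whether `pw1` can be null at this point is not visible here, so confirm that an earlier check rules it out. The enclosing method starts and ends outside the hunk.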
diff --git a/src/org/cacert/gigi/util/PasswordStrengthChecker.java b/src/org/cacert/gigi/util/PasswordStrengthChecker.java
new file mode 100644 (file)
index 0000000..3730799
--- /dev/null
@@ -0,0 +1,78 @@
+package org.cacert.gigi.util;
+
+import java.util.regex.Pattern;
+
+import org.cacert.gigi.User;
+
+public class PasswordStrengthChecker {
+       static Pattern digits = Pattern.compile("\\d");
+       static Pattern lower = Pattern.compile("[a-z]");
+       static Pattern upper = Pattern.compile("[A-Z]");
+       static Pattern whitespace = Pattern.compile("\\s");
+       static Pattern special = Pattern.compile("\\W");
+       private PasswordStrengthChecker() {
+       }
+       public static int checkpwlight(String pw) {
+               int points = 0;
+               if (pw.length() > 15) {
+                       points++;
+               }
+               if (pw.length() > 20) {
+                       points++;
+               }
+               if (pw.length() > 25) {
+                       points++;
+               }
+               if (pw.length() > 30) {
+                       points++;
+               }
+               if (digits.matcher(pw).find()) {
+                       points++;
+               }
+               if (lower.matcher(pw).find()) {
+                       points++;
+               }
+               if (upper.matcher(pw).find()) {
+                       points++;
+               }
+               if (special.matcher(pw).find()) {
+                       points++;
+               }
+               if (whitespace.matcher(pw).find()) {
+                       points++;
+               }
+               return points;
+       }
+       public static int checkpw(String pw, User u) {
+               int light = checkpwlight(pw);
+               if (contained(pw, u.getEmail())) {
+                       light -= 2;
+               }
+               if (contained(pw, u.getFname())) {
+                       light -= 2;
+               }
+               if (contained(pw, u.getLname())) {
+                       light -= 2;
+               }
+               if (contained(pw, u.getMname())) {
+                       light -= 2;
+               }
+               if (contained(pw, u.getSuffix())) {
+                       light -= 2;
+               }
+               // TODO dictionary check
+               return light;
+       }
+       private static boolean contained(String pw, String check) {
+               if (check == null) {
+                       return false;
+               }
+               if (pw.contains(check)) {
+                       return true;
+               }
+               if (check.contains(pw)) {
+                       return true;
+               }
+               return false;
+       }
+}
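Review bot: `checkpwlight` has no length floor, so against the `pwpoints < 3` threshold used in Signup a three-character value (constructed example: `aA1`) scores 3 and passes; the four length tiers only add points and never reject. A single space scores twice, because `\\W` matches whitespace as well as `\\s`. In `contained()`, `pw.contains(check)` is true for an empty `check`, so a blank middle name or suffix costs 2 points each if those getters return `""` rather than null. The match is also case-sensitive and tests the e-mail address only as a whole string, so a pass phrase containing the name in different case, or only the mailbox part, is not penalised although the Signup message says it is. I would return 0 below a minimum length set by policy, change the guard to `if (check == null || check.isEmpty()) return false;`, and compare `toLowerCase(Locale.ROOT)` forms of both strings.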