From d0a9ecf0cba998b44a216c5cdf1800eea152f379 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Wed, 21 May 2014 18:18:58 -0300 Subject: Update username regex to support the same as webapp. Rename password util to credentials and add a username check helper. Move the username regexp to the credentials module. Closes #5695. --- changes/bug-5695_fix-username-regex-support | 3 ++ src/leap/bitmask/gui/login.py | 5 +- src/leap/bitmask/gui/preferenceswindow.py | 4 +- src/leap/bitmask/gui/wizard.py | 25 ++++++--- src/leap/bitmask/util/credentials.py | 81 +++++++++++++++++++++++++++++ src/leap/bitmask/util/password.py | 58 --------------------- 6 files changed, 106 insertions(+), 70 deletions(-) create mode 100644 changes/bug-5695_fix-username-regex-support create mode 100644 src/leap/bitmask/util/credentials.py delete mode 100644 src/leap/bitmask/util/password.py diff --git a/changes/bug-5695_fix-username-regex-support b/changes/bug-5695_fix-username-regex-support new file mode 100644 index 00000000..855ec149 --- /dev/null +++ b/changes/bug-5695_fix-username-regex-support @@ -0,0 +1,3 @@ +- Update username regex to support the same as webapp. Closes #5965. +- Wrong error message for username too short. (Bug #5697) +- Cleanup and refactor username/password validators. diff --git a/src/leap/bitmask/gui/login.py b/src/leap/bitmask/gui/login.py index ac7ad878..f66e71d9 100644 --- a/src/leap/bitmask/gui/login.py +++ b/src/leap/bitmask/gui/login.py @@ -24,6 +24,7 @@ from ui_login import Ui_LoginWidget from leap.bitmask.config import flags from leap.bitmask.util import make_address +from leap.bitmask.util.credentials import USERNAME_REGEX from leap.bitmask.util.keyring_helpers import has_keyring from leap.bitmask.util.keyring_helpers import get_keyring from leap.common.check import leap_assert_type @@ -48,8 +49,6 @@ class LoginWidget(QtGui.QWidget): MAX_STATUS_WIDTH = 40 - BARE_USERNAME_REGEX = r"^[A-Za-z\d_]+$" - # Keyring KEYRING_KEY = "bitmask" @@ -87,7 +86,7 @@ class LoginWidget(QtGui.QWidget): self.ui.btnLogout.clicked.connect( self.logout) - username_re = QtCore.QRegExp(self.BARE_USERNAME_REGEX) + username_re = QtCore.QRegExp(USERNAME_REGEX) self.ui.lnUser.setValidator( QtGui.QRegExpValidator(username_re, self)) diff --git a/src/leap/bitmask/gui/preferenceswindow.py b/src/leap/bitmask/gui/preferenceswindow.py index 47011a85..0a4c7f56 100644 --- a/src/leap/bitmask/gui/preferenceswindow.py +++ b/src/leap/bitmask/gui/preferenceswindow.py @@ -27,7 +27,7 @@ from PySide import QtCore, QtGui from leap.bitmask.provider import get_provider_path from leap.bitmask.config.leapsettings import LeapSettings from leap.bitmask.gui.ui_preferences import Ui_Preferences -from leap.bitmask.util.password import basic_password_checks +from leap.bitmask.util.credentials import password_checks from leap.bitmask.services import get_supported from leap.bitmask.config.providerconfig import ProviderConfig from leap.bitmask.services import get_service_display_name, MX_SERVICE @@ -198,7 +198,7 @@ class PreferencesWindow(QtGui.QDialog): new_password = self.ui.leNewPassword.text() new_password2 = self.ui.leNewPassword2.text() - ok, msg = basic_password_checks(username, new_password, new_password2) + ok, msg = password_checks(username, new_password, new_password2) if not ok: self._set_changing_password(False) diff --git a/src/leap/bitmask/gui/wizard.py b/src/leap/bitmask/gui/wizard.py index 316b2bff..ce45b431 100644 --- a/src/leap/bitmask/gui/wizard.py +++ b/src/leap/bitmask/gui/wizard.py @@ -29,8 +29,9 @@ from leap.bitmask.config.leapsettings import LeapSettings from leap.bitmask.config.providerconfig import ProviderConfig from leap.bitmask.provider import get_provider_path from leap.bitmask.services import get_service_display_name, get_supported +from leap.bitmask.util.credentials import password_checks, username_checks +from leap.bitmask.util.credentials import USERNAME_REGEX from leap.bitmask.util.keyring_helpers import has_keyring -from leap.bitmask.util.password import basic_password_checks from ui_wizard import Ui_Wizard @@ -49,8 +50,6 @@ class Wizard(QtGui.QWizard): REGISTER_USER_PAGE = 4 SERVICES_PAGE = 5 - BARE_USERNAME_REGEX = r"^[A-Za-z\d_]+$" - def __init__(self, backend, bypass_checks=False): """ Constructor for the main Wizard. @@ -118,7 +117,7 @@ class Wizard(QtGui.QWizard): self.ui.rbExistingProvider.toggled.connect(self._skip_provider_checks) - usernameRe = QtCore.QRegExp(self.BARE_USERNAME_REGEX) + usernameRe = QtCore.QRegExp(USERNAME_REGEX) self.ui.lblUser.setValidator( QtGui.QRegExpValidator(usernameRe, self)) @@ -231,6 +230,12 @@ class Wizard(QtGui.QWizard): if reset: self._reset_provider_check() + def _focus_username(self): + """ + Focus at the username lineedit for the registration page + """ + self.ui.lblUser.setFocus() + def _focus_password(self): """ Focuses at the password lineedit for the registration page @@ -253,16 +258,22 @@ class Wizard(QtGui.QWizard): password = self.ui.lblPassword.text() password2 = self.ui.lblPassword2.text() - ok, msg = basic_password_checks(username, password, password2) - if ok: + user_ok, msg = username_checks(username) + if user_ok: + pass_ok, msg = password_checks(username, password, password2) + + if user_ok and pass_ok: self._set_register_status(self.tr("Starting registration...")) self._backend.user_register(self._domain, username, password) self._username = username self._password = password else: + if user_ok: + self._focus_password() + else: + self._focus_username() self._set_register_status(msg, error=True) - self._focus_password() self.ui.btnRegister.setEnabled(True) def _set_registration_fields_visibility(self, visible): diff --git a/src/leap/bitmask/util/credentials.py b/src/leap/bitmask/util/credentials.py new file mode 100644 index 00000000..a661bfb0 --- /dev/null +++ b/src/leap/bitmask/util/credentials.py @@ -0,0 +1,81 @@ +# -*- coding: utf-8 -*- +# credentials.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +""" +Credentials utilities +""" +from PySide import QtCore, QtGui + +WEAK_PASSWORDS = ("123456", "qweasd", "qwerty", "password") +USERNAME_REGEX = r"^[A-Za-z][A-Za-z\d_\-\.]+[A-Za-z]$" + +USERNAME_VALIDATOR = QtGui.QRegExpValidator(QtCore.QRegExp(USERNAME_REGEX)) + + +def username_checks(username): + # translation helper + _tr = QtCore.QObject().tr + + message = None + + if message is None and len(username) < 2: + message = _tr("Username must have at least 2 characters") + + valid = USERNAME_VALIDATOR.validate(username, 0) + valid_username = valid[0] == QtGui.QValidator.State.Acceptable + if message is None and not valid_username: + message = _tr("Invalid username") + + return message is None, message + + +def password_checks(username, password, password2): + """ + Performs basic password checks to avoid really easy passwords. + + :param username: username provided at the registrarion form + :type username: str + :param password: password from the registration form + :type password: str + :param password2: second password from the registration form + :type password: str + + :returns: True and empty message if all the checks pass, + False and an error message otherwise + :rtype: tuple(bool, str) + """ + # translation helper + _tr = QtCore.QObject().tr + + message = None + + if message is None and password != password2: + message = _tr("Passwords don't match") + + if message is None and not password: + message = _tr("You can't use an empty password") + + if message is None and len(password) < 6: + message = _tr("Password too short") + + if message is None and password in WEAK_PASSWORDS: + message = _tr("Password too easy") + + if message is None and username == password: + message = _tr("Password equal to username") + + return message is None, message diff --git a/src/leap/bitmask/util/password.py b/src/leap/bitmask/util/password.py deleted file mode 100644 index 73659f0d..00000000 --- a/src/leap/bitmask/util/password.py +++ /dev/null @@ -1,58 +0,0 @@ -# -*- coding: utf-8 -*- -# password.py -# Copyright (C) 2013 LEAP -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -""" -Password utilities -""" -from PySide import QtCore - -WEAK_PASSWORDS = ("123456", "qweasd", "qwerty", "password") - - -def basic_password_checks(username, password, password2): - """ - Performs basic password checks to avoid really easy passwords. - - :param username: username provided at the registrarion form - :type username: str - :param password: password from the registration form - :type password: str - :param password2: second password from the registration form - :type password: str - - :returns: True and empty message if all the checks pass, - False and an error message otherwise - :rtype: tuple(bool, str) - """ - # translation helper - _tr = QtCore.QObject().tr - - message = None - - if message is None and password != password2: - message = _tr("Passwords don't match") - - if message is None and len(password) < 6: - message = _tr("Password too short") - - if message is None and password in WEAK_PASSWORDS: - message = _tr("Password too easy") - - if message is None and username == password: - message = _tr("Password equal to username") - - return message is None, message -- cgit v1.2.3