From 3691c667348a16f9b87533df1d25df0cd3b88852 Mon Sep 17 00:00:00 2001
From: Sietse Snel <s.t.snel@uu.nl>
Date: Wed, 18 Oct 2023 16:38:09 +0200
Subject: [PATCH] YDA-5505: do not accept backslashes in passwords

These don't get passed correctly to the external-auth script on the
provider, and therefore cause authentication to fail.
---
 yoda_eus/password_complexity.py                   | 3 +++
 yoda_eus/templates/web/password-requirements.html | 2 +-
 yoda_eus/tests/test_unit.py                       | 4 ++++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/yoda_eus/password_complexity.py b/yoda_eus/password_complexity.py
index db15905..2ab51b6 100644
--- a/yoda_eus/password_complexity.py
+++ b/yoda_eus/password_complexity.py
@@ -33,4 +33,7 @@ def check_password_complexity(password: str) -> List[str]:
     if not (any(c in string.punctuation for c in password)):
         errors.append("Password needs to contain at least one punctuation character ({})".format(string.punctuation))
 
+    if "\\" in password:
+        errors.append("Password must not contain backslashes.")
+
     return errors
diff --git a/yoda_eus/templates/web/password-requirements.html b/yoda_eus/templates/web/password-requirements.html
index aee37c9..96fdfb6 100644
--- a/yoda_eus/templates/web/password-requirements.html
+++ b/yoda_eus/templates/web/password-requirements.html
@@ -1,7 +1,7 @@
                 <p> Your password must meet the following requirements: </p>
                 <ul>
                     <li>It must be between 10 and 1000 characters in length
-                    <li>It must not contain diacritics such as é, ö, and ç
+                    <li>It must not contain diacritics such as é, ö, and ç, or backslashes (&bsol;)
                     <li>At least 1 capital letter A-Z 
                     <li>At least 1 lowercase letter a-z 
                     <li>At least 1 number 0-9 
diff --git a/yoda_eus/tests/test_unit.py b/yoda_eus/tests/test_unit.py
index d8c85b9..a01a310 100644
--- a/yoda_eus/tests/test_unit.py
+++ b/yoda_eus/tests/test_unit.py
@@ -41,6 +41,10 @@ def test_password_validation_no_punctuation(self):
         result = check_password_complexity("Test123456789")
         assert result == ["Password needs to contain at least one punctuation character ({})".format(string.punctuation)]
 
+    def test_password_validation_backslash(self):
+        result = check_password_complexity("Test\\123456789!")
+        assert result == ["Password must not contain backslashes."]
+
     def test_password_validation_multiple(self):
         result = check_password_complexity("Test")
         assert len(result) == 3