YDA-5505: do not accept backslashes in passwords

These don't get passed correctly to the external-auth script on the provider, and therefore cause authentication to fail.
UtrechtUniversity · Oct 18, 2023 · 785b0cd · 785b0cd
1 parent d51918b
commit 785b0cd
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 1 deletion.
diff --git a/yoda_eus/password_complexity.py b/yoda_eus/password_complexity.py
@@ -33,4 +33,7 @@ def check_password_complexity(password: str) -> List[str]:
     if not (any(c in string.punctuation for c in password)):
         errors.append("Password needs to contain at least one punctuation character ({})".format(string.punctuation))
 
+    if "\\" in password:
+        errors.append("Password must not contain backslashes.")
+
     return errors
diff --git a/yoda_eus/templates/web/activate.html b/yoda_eus/templates/web/activate.html
@@ -119,6 +119,10 @@
      passwordErrors.innerHTML = 'The passwords do not match.';
      submitButton.disabled = true;
    }
+   else if ( password.includes('\\') {
+     passwordErrors.innerHTML = 'The password contains a backslash.';
+     submitButton.disabled = true;
+   }
    else {
      passwordErrors.innerHTML = '';
      submitButton.disabled = false;

diff --git a/yoda_eus/templates/web/password-requirements.html b/yoda_eus/templates/web/password-requirements.html
@@ -1,7 +1,7 @@
                 <p> Your password must meet the following requirements: </p>
                 <ul>
                     <li>It must be between 10 and 1000 characters in length
-                    <li>It must not contain diacritics such as é, ö, and ç
+                    <li>It must not contain diacritics such as é, ö, and ç, or backslashes (&bsol;)
                     <li>At least 1 capital letter A-Z 
                     <li>At least 1 lowercase letter a-z 
                     <li>At least 1 number 0-9 

diff --git a/yoda_eus/templates/web/reset-password.html b/yoda_eus/templates/web/reset-password.html
@@ -109,6 +109,10 @@
      passwordErrors.innerHTML = 'The passwords do not match.';
      submitButton.disabled = true;
    }
+   else if ( password.includes('\\') {
+     passwordErrors.innerHTML = 'The password contains a backslash.';
+     submitButton.disabled = true;
+   }
    else {
      passwordErrors.innerHTML = '';
      submitButton.disabled = false;

diff --git a/yoda_eus/tests/test_unit.py b/yoda_eus/tests/test_unit.py
@@ -41,6 +41,10 @@ def test_password_validation_no_punctuation(self):
         result = check_password_complexity("Test123456789")
         assert result == ["Password needs to contain at least one punctuation character ({})".format(string.punctuation)]
 
+    def test_password_validation_backslash(self):
+        result = check_password_complexity("Test\\123456789!")
+        assert result == ["Password must not contain backslashes."]
+
     def test_password_validation_multiple(self):
         result = check_password_complexity("Test")
         assert len(result) == 3