Bugfies password validation from testrun

cps/admin.py

@@ -1848,8 +1848,8 @@ def _handle_new_user(to_save, content, languages, translations, kobo_support):
         content.sidebar_view |= constants.DETAIL_RANDOM
 
     content.role = constants.selected_roles(to_save)
-    content.password = generate_password_hash(to_save["password"])
     try:
+        content.password = generate_password_hash(helper.valid_password(to_save["password"]))
         if not to_save["name"] or not to_save["email"] or not to_save["password"]:
             log.info("Missing entries on new user")
             raise Exception(_(u"Please fill out all fields!"))
@@ -1936,8 +1936,8 @@ def _handle_edit_user(to_save, content, languages, translations, kobo_support):
             log.warning("No admin user remaining, can't remove admin role from {}".format(content.name))
             flash(_("No admin user remaining, can't remove admin role"), category="error")
             return redirect(url_for('admin.admin'))
-        if to_save.get("password"):
-            content.password = generate_password_hash(to_save["password"])
+        if 'password' in to_save:
+            content.password = generate_password_hash(helper.valid_password(to_save('password')))
         anonymous = content.is_anonymous
         content.role = constants.selected_roles(to_save)
         if anonymous:

cps/helper.py

@@ -661,6 +661,23 @@ def valid_email(email):
         raise Exception(_(u"Invalid e-mail address format"))
     return email
 
+def valid_password(check_password):
+    if config.config_password_policy:
+        verify = ""
+        if config.config_password_min_length > 0:
+            verify += "^(?=\S{" + str(config.config_password_min_length) + ",}$)"
+        if config.config_password_number:
+            verify += "(?=.*?\d)"
+        if config.config_password_lower:
+            verify += "(?=.*?[a-z])"
+        if config.config_password_upper:
+            verify += "(?=.*?[A-Z])"
+        if config.config_password_special:
+            verify += "(?=.*?[^A-Za-z\s0-9])"
+        match = re.match(verify, check_password)
+        if not match:
+            raise Exception(_("Password doesn't comply with password validation rules"))
+    return check_password
 # ################################# External interface #################################
 
 

cps/static/js/password.js

@@ -28,7 +28,8 @@ $(document).ready(function() {
             // Initialized and ready to go
             var options = {};
             options.common = {
-                minChar: $('#password').data("min")
+                minChar: $('#password').data("min"),
+                maxChar: -1
             }
             options.ui = {
                 bootstrap3: true,

cps/templates/config_edit.html

@@ -389,7 +389,7 @@
                 <label for="config_password_lower">{{_('Enforce lowercase characters')}}</label>
               </div>
               <div class="form-group" style="margin-left:10px;">
-                <input type="checkbox" id="config_password_lower" name="config_password_upper"  {% if config.config_password_upper %}checked{% endif %}>
+                <input type="checkbox" id="config_password_upper" name="config_password_upper"  {% if config.config_password_upper %}checked{% endif %}>
                 <label for="config_password_upper">{{_('Enforce uppercase characters')}}</label>
               </div>
               <div class="form-group" style="margin-left:10px;">

cps/web.py

@@ -23,7 +23,6 @@ import json
 import mimetypes
 import chardet  # dependency of requests
 import copy
-import re
 
 from flask import Blueprint, jsonify
 from flask import request, redirect, send_from_directory, make_response, flash, abort, url_for
@@ -47,7 +46,7 @@ from .gdriveutils import getFileFromEbooksFolder, do_gdrive_download
 from .helper import check_valid_domain, check_email, check_username, \
     get_book_cover, get_series_cover_thumbnail, get_download_link, send_mail, generate_random_password, \
     send_registration_mail, check_send_to_ereader, check_read_formats, tags_filters, reset_password, valid_email, \
-    edit_book_read_status
+    edit_book_read_status, valid_password
 from .pagination import Pagination
 from .redirect import redirect_back
 from .babel import get_available_locale
@@ -1359,23 +1358,8 @@ def change_profile(kobo_support, local_oauth_check, oauth_status, translations,
     current_user.random_books = 0
     try:
         if current_user.role_passwd() or current_user.role_admin():
-            if to_save.get("password"):
-                if config.config_password_policy:
-                    verify = ""
-                    if config.config_password_min_length > 0:
-                        verify += "^(?=\S{" + str(config.config_password_min_length) + ",}$)"
-                    if config.config_password_number:
-                        verify += "(?=.*?\d)"
-                    if config.config_password_lower:
-                        verify += "(?=.*?[a-z])"
-                    if config.config_password_upper:
-                        verify += "(?=.*?[A-Z])"
-                    if config.config_password_special:
-                        verify += "(?=.*?[^A-Za-z\s0-9])"
-                    match = re.match(verify, to_save.get("password"))
-                    if not match:
-                        raise Exception(_("Password doesn't comply with password validation rules"))
-                current_user.password = generate_password_hash(to_save.get("password"))
+            if 'password' in to_save:
+                current_user.password = generate_password_hash(valid_password(to_save('password')))
         if to_save.get("kindle_mail", current_user.kindle_mail) != current_user.kindle_mail:
             current_user.kindle_mail = valid_email(to_save.get("kindle_mail"))
         if to_save.get("email", current_user.email) != current_user.email: