1
0
mirror of https://github.com/mainflux/mainflux.git synced 2025-05-02 22:17:10 +08:00
Ivan Milošević 7bcaa323d4
MF-1317 - Configurable regexp rule for password (#1355)
* read and validate regex envar

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* pass regexp to user/api

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* resolve conflicts

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* use exported regexp variable

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* move password validation from users package

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* remove dead code

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* add password change request

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* move regexp from api to users package

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* fix tests

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* remove commented code

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* add regexp as field in userService, remove it as user exported global var

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* add passwd validation in service

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* Add psswd validation for change password in service

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* add password validation in password reset

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* Remove password validation from user validation test

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* Replace email and passwords in test with constants

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* compile error not fail silently

Signed-off-by: Ivan Milosevic <iva@blokovi.com>

* fix tempate path

Signed-off-by: Ivan Milosevic <iva@blokovi.com>
2021-03-01 15:22:57 +01:00

136 lines
3.0 KiB
Go

// Copyright (c) Mainflux
// SPDX-License-Identifier: Apache-2.0
package users
import (
"context"
"fmt"
"regexp"
"strings"
"golang.org/x/net/idna"
)
const (
maxLocalLen = 64
maxDomainLen = 255
maxTLDLen = 24 // longest TLD currently in existence
atSeparator = "@"
dotSeparator = "."
)
var (
userRegexp = regexp.MustCompile("^[a-zA-Z0-9!#$%&'*+/=?^_`{|}~.-]+$")
hostRegexp = regexp.MustCompile("^[^\\s]+\\.[^\\s]+$")
userDotRegexp = regexp.MustCompile("(^[.]{1})|([.]{1}$)|([.]{2,})")
)
// Metadata to be used for mainflux thing or channel for customized
// describing of particular thing or channel.
type Metadata map[string]interface{}
// User represents a Mainflux user account. Each user is identified given its
// email and password.
type User struct {
ID string
Email string
Password string
Metadata Metadata
}
// Validate returns an error if user representation is invalid.
func (u User) Validate() error {
if !isEmail(u.Email) {
return ErrMalformedEntity
}
return nil
}
// UserRepository specifies an account persistence API.
type UserRepository interface {
// Save persists the user account. A non-nil error is returned to indicate
// operation failure.
Save(ctx context.Context, u User) (string, error)
// Update updates the user metadata.
UpdateUser(ctx context.Context, u User) error
// RetrieveByEmail retrieves user by its unique identifier (i.e. email).
RetrieveByEmail(ctx context.Context, email string) (User, error)
// RetrieveByID retrieves user by its unique identifier ID.
RetrieveByID(ctx context.Context, id string) (User, error)
// RetrieveAll retrieves all users
RetrieveAll(ctx context.Context, offset, limit uint64, email string, m Metadata) (UserPage, error)
// UpdatePassword updates password for user with given email
UpdatePassword(ctx context.Context, email, password string) error
// RetrieveMembers retrieves all users that belong to a group
RetrieveMembers(ctx context.Context, groupID string, offset, limit uint64, m Metadata) (UserPage, error)
}
func isEmail(email string) bool {
if email == "" {
return false
}
es := strings.Split(email, atSeparator)
if len(es) != 2 {
return false
}
local, host := es[0], es[1]
if local == "" || len(local) > maxLocalLen {
return false
}
hs := strings.Split(host, dotSeparator)
if len(hs) < 2 {
return false
}
domain, ext := hs[0], hs[1]
// Check subdomain and validate
if len(hs) > 2 {
if domain == "" {
return false
}
for i := 1; i < len(hs)-1; i++ {
sub := hs[i]
if sub == "" {
return false
}
domain = fmt.Sprintf("%s.%s", domain, sub)
}
ext = hs[len(hs)-1]
}
if domain == "" || len(domain) > maxDomainLen {
return false
}
if ext == "" || len(ext) > maxTLDLen {
return false
}
punyLocal, err := idna.ToASCII(local)
if err != nil {
return false
}
punyHost, err := idna.ToASCII(host)
if err != nil {
return false
}
if userDotRegexp.MatchString(punyLocal) || !userRegexp.MatchString(punyLocal) || !hostRegexp.MatchString(punyHost) {
return false
}
return true
}