Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 4ef018ccfc | |||
| aa36f2eb82 | |||
| 931e93fbde |
@ -3,7 +3,8 @@ import string
|
||||
from .decrypted_account import DecryptedAccount
|
||||
|
||||
FORBIDDEN_CHARS = frozenset("`\n\\")
|
||||
PUNCTUATION = frozenset(string.punctuation).difference(FORBIDDEN_CHARS)
|
||||
FULL_PUNCTUATION = frozenset(string.punctuation)
|
||||
PUNCTUATION = FULL_PUNCTUATION.difference(FORBIDDEN_CHARS)
|
||||
|
||||
|
||||
def _base_check(val: str, /) -> bool:
|
||||
@ -21,9 +22,9 @@ def check_login(login: str) -> bool:
|
||||
return _base_check(login)
|
||||
|
||||
|
||||
def check_password(passwd: str) -> bool:
|
||||
def check_password(password: str) -> bool:
|
||||
"Returns true if password is valid"
|
||||
return _base_check(passwd)
|
||||
return _base_check(password)
|
||||
|
||||
|
||||
def check_account(account: DecryptedAccount) -> bool:
|
||||
@ -37,14 +38,28 @@ def check_account(account: DecryptedAccount) -> bool:
|
||||
)
|
||||
|
||||
|
||||
def check_gened_password(passwd: str, /) -> bool:
|
||||
def check_gened_password(password: str, /) -> bool:
|
||||
"""Retuns true if generated password is valid,
|
||||
false otherwise.
|
||||
Password is valid if there is at least one lowercase character,
|
||||
uppercase character and one punctuation character"""
|
||||
return (
|
||||
any(c.islower() for c in passwd)
|
||||
and any(c.isupper() for c in passwd)
|
||||
and any(c.isdigit() for c in passwd)
|
||||
and any(c in PUNCTUATION for c in passwd)
|
||||
any(c.islower() for c in password)
|
||||
and any(c.isupper() for c in password)
|
||||
and any(c.isdigit() for c in password)
|
||||
and any(c in PUNCTUATION for c in password)
|
||||
)
|
||||
|
||||
|
||||
def check_master_password(password: str) -> bool:
|
||||
"""Returns True if master password is valid.
|
||||
Master password has to have at least one lowercase letter,
|
||||
one uppercase letter, one digit, one punctuation character
|
||||
and length must be at least 8"""
|
||||
return (
|
||||
len(password) >= 8
|
||||
and any(c.islower() for c in password)
|
||||
and any(c.isupper() for c in password)
|
||||
and any(c.isdigit() for c in password)
|
||||
and any(c in FULL_PUNCTUATION for c in password)
|
||||
)
|
||||
|
||||
@ -14,6 +14,7 @@ from ..account_checks import (
|
||||
check_account_name,
|
||||
check_login,
|
||||
check_password,
|
||||
check_master_password,
|
||||
)
|
||||
from ..account_parsing import accounts_to_json, json_to_accounts
|
||||
from ..decrypted_account import DecryptedAccount
|
||||
@ -82,7 +83,7 @@ async def _delete_all2(
|
||||
) -> None:
|
||||
await base_handler(bot, mes, prev_mes)
|
||||
text = mes.text.strip()
|
||||
if encryption.master_pass.check_master_pass(text, master_pass):
|
||||
if encryption.master_pass.verify_master_pass(text, master_pass):
|
||||
db.delete.purge_accounts(engine, mes.from_user.id)
|
||||
db.delete.delete_master_pass(engine, mes.from_user.id)
|
||||
await send_tmp_message(
|
||||
@ -126,6 +127,17 @@ async def _set_master_pass2(
|
||||
if text == "/cancel":
|
||||
return await send_tmp_message(bot, mes.chat.id, "Успешная отмена")
|
||||
|
||||
if not check_master_password(text):
|
||||
await send_tmp_message(
|
||||
bot,
|
||||
mes.chat.id,
|
||||
"Не подходящий мастер пароль\\. Он должен быть не меньше "
|
||||
"8 символов, иметь хотя бы один символ в нижнем и "
|
||||
"верхнем регистре, хотя бы один специальный символ",
|
||||
sleep_time=10,
|
||||
)
|
||||
return
|
||||
|
||||
master_password = encryption.master_pass.encrypt_master_pass(
|
||||
mes.from_user.id,
|
||||
text,
|
||||
@ -181,7 +193,7 @@ async def _reset_master_pass2(
|
||||
if text == "/cancel":
|
||||
await send_tmp_message(bot, mes.chat.id, "Успешная отмена")
|
||||
|
||||
if not encryption.master_pass.check_master_pass(text, master_pass):
|
||||
if not encryption.master_pass.verify_master_pass(text, master_pass):
|
||||
await send_tmp_message(bot, mes.chat.id, "Неверный мастер пароль")
|
||||
return
|
||||
|
||||
@ -203,6 +215,17 @@ async def _reset_master_pass3(
|
||||
if text == "/cancel":
|
||||
return await send_tmp_message(bot, mes.chat.id, "Успешная отмена")
|
||||
|
||||
if not check_master_password(text):
|
||||
await send_tmp_message(
|
||||
bot,
|
||||
mes.chat.id,
|
||||
"Не подходящий мастер пароль\\. Он должен быть не меньше "
|
||||
"8 символов, иметь хотя бы один символ в нижнем и "
|
||||
"верхнем регистре, хотя бы один специальный символ",
|
||||
sleep_time=10,
|
||||
)
|
||||
return
|
||||
|
||||
master_password = encryption.master_pass.encrypt_master_pass(
|
||||
mes.from_user.id,
|
||||
text,
|
||||
@ -334,7 +357,7 @@ async def _add_account5(
|
||||
return await send_tmp_message(bot, mes.chat.id, "Успешная отмена")
|
||||
|
||||
master_password = db.get.get_master_pass(engine, mes.from_user.id)
|
||||
if not encryption.master_pass.check_master_pass(text, master_password):
|
||||
if not encryption.master_pass.verify_master_pass(text, master_password):
|
||||
return await send_tmp_message(
|
||||
bot,
|
||||
mes.chat.id,
|
||||
@ -424,7 +447,7 @@ async def _get_account3(
|
||||
mes.from_user.id,
|
||||
)
|
||||
|
||||
if not encryption.master_pass.check_master_pass(text, master_password):
|
||||
if not encryption.master_pass.verify_master_pass(text, master_password):
|
||||
return await send_tmp_message(
|
||||
bot,
|
||||
mes.chat.id,
|
||||
@ -518,7 +541,7 @@ async def _delete_account3(
|
||||
) -> None:
|
||||
await base_handler(bot, mes, prev_mes)
|
||||
text = mes.text.strip()
|
||||
if not encryption.master_pass.check_master_pass(text, master_pass):
|
||||
if not encryption.master_pass.verify_master_pass(text, master_pass):
|
||||
await send_tmp_message(bot, mes.chat.id, "Неверный пароль")
|
||||
return
|
||||
|
||||
@ -574,7 +597,7 @@ async def _export2(
|
||||
engine,
|
||||
mes.from_user.id,
|
||||
)
|
||||
if not encryption.master_pass.check_master_pass(text, master_password):
|
||||
if not encryption.master_pass.verify_master_pass(text, master_password):
|
||||
return await send_tmp_message(
|
||||
bot,
|
||||
mes.chat.id,
|
||||
@ -682,7 +705,7 @@ async def _import3(
|
||||
engine,
|
||||
mes.from_user.id,
|
||||
)
|
||||
if not encryption.master_pass.check_master_pass(text, master_password):
|
||||
if not encryption.master_pass.verify_master_pass(text, master_password):
|
||||
return await send_tmp_message(
|
||||
bot,
|
||||
mes.chat.id,
|
||||
|
||||
@ -20,7 +20,7 @@ class Cipher:
|
||||
algorithm=hashes.SHA256(),
|
||||
length=32,
|
||||
salt=salt,
|
||||
iterations=100000,
|
||||
iterations=480000,
|
||||
)
|
||||
return cls(kdf.derive(password))
|
||||
|
||||
|
||||
@ -31,7 +31,7 @@ def encrypt_master_pass(user_id: int, password: str) -> MasterPass:
|
||||
)
|
||||
|
||||
|
||||
def check_master_pass(password: str, master_password: MasterPass) -> bool:
|
||||
def verify_master_pass(password: str, master_password: MasterPass) -> bool:
|
||||
"""Checks if the master password is correct"""
|
||||
kdf = _get_kdf(master_password.salt)
|
||||
try:
|
||||
|
||||
Reference in New Issue
Block a user