Add password blacklist "BADPASS.TXT" support. Using top 10k passwords from https://github.com/danielmiessler/SecLists/ by default

Bryan Ashby 2017-03-14 20:21:23 -06:00
parent f510fca656
commit 8ca0c31fb8
3 changed files with 10023 additions and 1 deletions


@ -4,6 +4,10 @@
// ENiGMA½
const User = require('./user.js');
const Config = require('./config.js').config;
const Log = require('./logger.js').log;
// deps
const fs = require('fs');
exports.validateNonEmpty = validateNonEmpty;
exports.validateMessageSubject = validateMessageSubject;
@ -98,5 +102,22 @@ function validateBirthdate(data, cb) {
}
function validatePasswordSpec(data, cb) {
return cb((!data || data.length < Config.users.passwordMin) ? new Error('Password too short') : null);
if(!data || data.length < Config.users.passwordMin) {
return cb(new Error('Password too short'));
}
// check badpass, if avail
fs.readFile(Config.users.badPassFile, 'utf8', (err, passwords) => {
if(err) {
Log.warn( { error : err.message }, 'Cannot read bad pass file');
return cb(null);
}
passwords = passwords.toString().split(/\r\n|\n/g);
if(passwords.includes(data)) {
return cb(new Error('Password is too common'));
}
return cb(null);
});
}
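Review bot: The blacklist check in validatePasswordSpec fails open: the `if(err)` branch returns `cb(null)` for any read error, not only a missing file, so a permissions problem or a wrong `Config.users.badPassFile` path turns the check off with nothing but a warning. Consider treating only `err.code === 'ENOENT'` as "not available" and logging every other error at error level, so an operator notices when a check that was meant to be active is not running. The match `passwords.includes(data)` is also exact and case-sensitive, so `Password` is accepted when only `password` is listed; a case-insensitive comparison would cover those trivial variants. The file is re-read and split on every call, and whether that cost matters depends on how often this validator runs, which the hunk does not show.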