URL: https://github.com/freeipa/freeipa/pull/5480 Author: rcritten Title: #5480: Backport: Allow leading/trailing whitespaces in passwords Action: opened
PR body: """ Allow leading/trailing whitespaces in passwords kwargs is redefined to set the `noextrawhitespace` parameter from the Str class to `False`. Fixes: https://pagure.io/freeipa/issue/7599 Signed-off-by: Antonio Torres Moríñigo <atorr...@protonmail.com> Reviewed-By: Alexander Bokovoy <aboko...@redhat.com> Reviewed-By: Rob Crittenden <rcrit...@redhat.com> It was a clean cherry-pick for the change and the test, adding ack. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5480/head:pr5480 git checkout pr5480
From 9ca3354b7283fb20a0deba20db86980b908c7a9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antonio=20Torres=20Mor=C3=AD=C3=B1igo?= <atorr...@protonmail.com> Date: Thu, 26 Nov 2020 21:42:03 +0100 Subject: [PATCH 1/2] Allow leading/trailing whitespaces in passwords MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit kwargs is redefined to set the `noextrawhitespace` parameter from the Str class to `False`. Fixes: https://pagure.io/freeipa/issue/7599 Signed-off-by: Antonio Torres Moríñigo <atorr...@protonmail.com> Reviewed-By: Alexander Bokovoy <aboko...@redhat.com> Reviewed-By: Rob Crittenden <rcrit...@redhat.com> --- ipalib/parameters.py | 5 +++++ ipaserver/plugins/host.py | 8 +++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/ipalib/parameters.py b/ipalib/parameters.py index f06e1afeeca..22c82f6b6d8 100644 --- a/ipalib/parameters.py +++ b/ipalib/parameters.py @@ -1646,6 +1646,11 @@ class Password(Str): A parameter for passwords (stored in the ``unicode`` type). """ + kwargs = Data.kwargs + ( + ('pattern', (str,), None), + ('noextrawhitespace', bool, False), + ) + password = True def _convert_scalar(self, value, index=None): diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py index 766d232db58..5479021fd39 100644 --- a/ipaserver/plugins/host.py +++ b/ipaserver/plugins/host.py @@ -27,7 +27,7 @@ from ipalib import api, errors, util from ipalib import messages from ipalib import Str, StrEnum, Flag -from ipalib.parameters import Principal, Certificate +from ipalib.parameters import Data, Principal, Certificate from ipalib.plugable import Registry from .baseldap import (LDAPQuery, LDAPObject, LDAPCreate, LDAPDelete, LDAPUpdate, LDAPSearch, @@ -260,6 +260,12 @@ class HostPassword(Str): setting a password on the command-line which would break backwards compatibility. """ + + kwargs = Data.kwargs + ( + ('pattern', (str,), None), + ('noextrawhitespace', bool, False), + ) + def safe_value(self, value): return u'********' From f557dabc8742dbf85e9a8040ceebaa09de944a4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antonio=20Torres=20Mor=C3=AD=C3=B1igo?= <atorr...@protonmail.com> Date: Fri, 4 Dec 2020 00:38:09 +0100 Subject: [PATCH 2/2] ipatests: test that trailing/leading whitespaces in passwords are allowed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add test to ensure that strings with trailing or leading whitespaces are allowed as valid passwords. Signed-off-by: Antonio Torres Moríñigo <atorr...@protonmail.com> Reviewed-By: Alexander Bokovoy <aboko...@redhat.com> Reviewed-By: Rob Crittenden <rcrit...@redhat.com> --- ipatests/test_ipalib/test_parameters.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ipatests/test_ipalib/test_parameters.py b/ipatests/test_ipalib/test_parameters.py index d9510974dd4..d71faf4f770 100644 --- a/ipatests/test_ipalib/test_parameters.py +++ b/ipatests/test_ipalib/test_parameters.py @@ -346,6 +346,12 @@ def test_safe_value(self): assert_equal(p.safe_value(value), u'********') assert p.safe_value(None) is None + def test_password_whitespaces(self): + values = ('Secret123', ' Secret123', 'Secret123 ', ' Secret123 ',) + p = parameters.Password('my_passwd') + for value in values: + assert(p.validate(value)) is None + def test_clone(self): """ Test the `ipalib.parameters.Param.clone` method.
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
