janl commented on a change in pull request #3483:
URL: https://github.com/apache/couchdb/pull/3483#discussion_r606804417
##########
File path: src/couch/src/couch_users_db.erl
##########
@@ -86,7 +90,63 @@ save_doc(#doc{body={Body}} = Doc) ->
Doc#doc{body={Body4}};
{_ClearPassword, Scheme} ->
couch_log:error("[couch_httpd_auth] password_scheme value of '~p' is
invalid.", [Scheme]),
- throw({forbidden, "Server cannot hash passwords at this time."})
+ throw({forbidden, ?PASSWORD_SERVER_ERROR})
+ end.
+
+% Validate if a new password matches all RegExp in the password_reqexp setting.
+% Throws if not.
+validate_password(ClearPassword) ->
+ case config:get("couch_httpd_auth", "password_reqexp", "") of
+ "" ->
+ ok;
+ "[]" ->
+ ok;
+ ValidateConfig ->
+ case couch_util:parse_term(ValidateConfig) of
+ {ok, RegExpList} when is_list(RegExpList) ->
+ % Check the password on every RegExp.
+ Loop = fun(RegExp) ->
+ check_password_with_regexp(ClearPassword, RegExp)
+ end,
+ lists:foreach(Loop, RegExpList),
+ ok;
+ {ok, NonListValue} ->
+ couch_log:error(
+ "[couch_httpd_auth] password_reqexp value of '~p' is invalid.",
Review comment:
@jaydoane if another auth module supports PW validation it can hardcode
its own name, so I think this is fine here. — And I prefer the convention of
`[section] key` for referring to config value.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
