# HG changeset patch
# User Matthew Wild
# Date 1640181805 0
# Node ID caf7e88dc9e576fdba530b1ab52963fdd581b97c
# Parent 56eba4bca28f17402279f331b1147f2344c34e14
mod_password_policy: Add check that password doesn't contain username
diff -r 56eba4bca28f -r caf7e88dc9e5 mod_password_policy/mod_password_policy.lua
--- a/mod_password_policy/mod_password_policy.lua Wed Dec 22 14:01:53 2021 +0000
+++ b/mod_password_policy/mod_password_policy.lua Wed Dec 22 14:03:25 2021 +0000
@@ -13,13 +13,23 @@
 options = options or {};
 options.length = options.length or 8;
+if options.exclude_username == nil then
+ options.exclude_username = true;
+end
 local st = require "util.stanza";
-function check_password(password)
+function check_password(password, additional_info)
 if #password < options.length then
 return nil, ("Password is too short (minimum %d characters)"):format(options.length), "length";
 end
+
+ if additional_info then
+ local username = additional_info.username;
+ if username and password:lower():find(username:lower(), 1, true) then
+ return nil, "Password must not include your username", "username";
+ end
+ end
 return true;
 end
@@ -46,9 +56,13 @@
 table.insert(passwords, query:get_child_text("password"));
+ local additional_info = {
+ username = origin.username;
+ };
+
 for _,password in ipairs(passwords) do
 if password then
- local pw_ok, pw_err, pw_failed_policy = check_password(password);
+ local pw_ok, pw_err, pw_failed_policy = check_password(password, additional_info);
 if not pw_ok then
 module:log("debug", "Password failed check against '%s' policy", pw_failed_policy);
 origin.send(st.error_reply(stanza, "cancel", "not-acceptable", pw_err));
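Review bot: The new `options.exclude_username` default is never read. `check_password` runs the username check whenever `additional_info.username` is present, so an operator who sets `exclude_username = false` still gets the rejection. Gate the check on the option, for example `if additional_info and options.exclude_username then`. An empty username would also reject every password, because a plain `find` for `""` succeeds at position 1, so the inner condition is safer as `if username and username ~= "" and password:lower():find(username:lower(), 1, true) then`.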
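Review bot: `username = origin.username` leaves `additional_info.username` nil whenever the session carries no username, and `check_password` then skips the new check without any log line. If this handler also receives in-band registration requests from sessions that have not authenticated yet (the hook registration is outside the hunk), a new account could still be created with a password that contains its own username. Falling back to the requested name would cover that case, e.g. `username = origin.username or query:get_child_text("username");`, assuming the query carries a `username` child. The handler body starts and ends outside the hunk.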