Modifies CmdUnconnectedCreate, CmdPassword and CmdNewPassword to use Django password validation before modification.

2026-03-25 17:26:32 +01:00 · 2018-09-20 21:29:56 +00:00 · 2018-09-20 21:29:56 +00:00 · a35539dbd6
commit a35539dbd6
parent 8d63f32d0f
3 changed files with 30 additions and 9 deletions
--- a/evennia/commands/default/account.py
+++ b/evennia/commands/default/account.py
@ -627,10 +627,16 @@ class CmdPassword(COMMAND_DEFAULT_CLASS):
            return
        oldpass = self.lhslist[0]  # Both of these are
        newpass = self.rhslist[0]  # already stripped by parse()
+        
+        # Validate password
+        validated, error = account.validate_password(newpass)
+        
        if not account.check_password(oldpass):
            self.msg("The specified old password isn't correct.")
-        elif len(newpass) < 3:
-            self.msg("Passwords must be at least three characters long.")
+        elif not validated:
+            errors = [e for suberror in error.messages for e in error.messages]
+            string = "\n".join(errors)
+            self.msg(string)
        else:
            account.set_password(newpass)
            account.save()
--- a/evennia/commands/default/admin.py
+++ b/evennia/commands/default/admin.py
@ -428,12 +428,23 @@ class CmdNewPassword(COMMAND_DEFAULT_CLASS):
        account = caller.search_account(self.lhs)
        if not account:
            return
-        account.set_password(self.rhs)
+        
+        newpass = self.rhs
+        
+        # Validate password
+        validated, error = account.validate_password(newpass)
+        if not validated:
+            errors = [e for suberror in error.messages for e in error.messages]
+            string = "\n".join(errors)
+            caller.msg(string)
+            return
+        
+        account.set_password(newpass)
        account.save()
-        self.msg("%s - new password set to '%s'." % (account.name, self.rhs))
+        self.msg("%s - new password set to '%s'." % (account.name, newpass))
        if account.character != caller:
            account.msg("%s has changed your password to '%s'." % (caller.name,
-                                                                   self.rhs))
+                                                                   newpass))


 class CmdPerm(COMMAND_DEFAULT_CLASS):
--- a/evennia/commands/default/unloggedin.py
+++ b/evennia/commands/default/unloggedin.py
@ -294,10 +294,14 @@ class CmdUnconnectedCreate(COMMAND_DEFAULT_CLASS):
            string = "\n\r That name is reserved. Please choose another Accountname."
            session.msg(string)
            return
-        if not re.findall(r"^[\w. @+\-']+$", password) or not (3 < len(password)):
-            string = "\n\r Password should be longer than 3 characters. Letters, spaces, digits and @/./+/-/_/' only." \
-                     "\nFor best security, make it longer than 8 characters. You can also use a phrase of" \
-                     "\nmany words if you enclose the password in double quotes."
+        
+        # Validate password
+        Account = utils.class_from_module(settings.BASE_ACCOUNT_TYPECLASS)
+        # Have to create a dummy Account object to check username similarity
+        valid, error = Account.validate_password(password, account=Account(username=accountname))
+        if error:
+            errors = [e for suberror in error.messages for e in error.messages]
+            string = "\n".join(errors)
            session.msg(string)
            return