[IMP] Allow the administator to forbid passwords that contain the login.

OCA · Jan 30, 2019 · 6dd9f34 · 6dd9f34
1 parent 574a2de
commit 6dd9f34
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 0 deletions.
diff --git a/password_security/models/res_company.py b/password_security/models/res_company.py
@@ -49,3 +49,8 @@ class ResCompany(models.Model):
         default=24,
         help='Amount of hours until a user may change password again',
     )
+    password_no_login = fields.Boolean(
+        'Password cannot contain Login',
+        default=True,
+        help='Disallow passwords containing the login.',
+    )
diff --git a/password_security/models/res_users.py b/password_security/models/res_users.py
@@ -56,6 +56,8 @@ def password_match_message(self):
             message.append('\n* ' + _('Numeric digit'))
         if company_id.password_special:
             message.append('\n* ' + _('Special character'))
+        if company_id.password_no_login:
+            message.append('\n* ' + _('Must not contain Login'))
         if message:
             message = [_('Must contain the following:')] + message
         if company_id.password_length:
@@ -89,6 +91,8 @@ def _check_password_rules(self, password):
         password_regex.append('.{%d,}$' % company_id.password_length)
         if not re.search(''.join(password_regex), password):
             raise PassError(self.password_match_message())
+        if company_id.password_no_login and self.login in password:
+            raise PassError(self.password_match_message())
         return True
 
     @api.multi

diff --git a/password_security/tests/test_res_users.py b/password_security/tests/test_res_users.py
@@ -164,3 +164,11 @@ def test_underscore_is_special_character(self):
         self.assertTrue(self.main_comp.password_special)
         rec_id = self._new_record()
         rec_id._check_password('asdQWE12345_3')
+
+    def test_password_contains_login(self):
+        self.assertTrue(self.main_comp.password_no_login)
+        rec_id = self._new_record()
+        rec_id._check_password(self.password + 'abv')
+        self.assertRaises(
+            rec_id._check_password(rec_id.login + 'invalid'),
+            PassError)
diff --git a/password_security/views/res_company_view.xml b/password_security/views/res_company_view.xml
@@ -22,6 +22,7 @@
                         <group string="Extra">
                             <field name="password_length" />
                             <field name="password_history" />
+                            <field name="password_no_login" />
                         </group>
                     </group>
                     <group name="chars_grp" string="Required Characters">