[enh] Automatically check for weak password

debian/control

@@ -12,7 +12,7 @@ Architecture: all
 Depends: ${python:Depends}, ${misc:Depends}
  , moulinette (>= 2.3.5.1)
  , python-psutil, python-requests, python-dnspython
- , python-apt, python-miniupnpc
+ , python-apt, python-miniupnpc, python-cracklib
  , glances
  , dnsutils, bind9utils, unzip, git, curl, cron
  , ca-certificates, netcat-openbsd, iproute

src/yunohost/user.py

@@ -32,12 +32,18 @@
 import subprocess
 import math
 import re
+import cracklib
 
 from moulinette.core import MoulinetteError
 from moulinette.utils.log import getActionLogger
 
 logger = getActionLogger('yunohost.user')
 
+def _check_password(password):
+    try:
+      cracklib.VeryFascistCheck(password)
+    except ValueError as e:
+      raise MoulinetteError(errno.EINVAL, m18n.n('password_too_weak') + " : " + str(e) )
 
 def user_list(auth, fields=None, filter=None, limit=None, offset=None):
     """
@@ -110,6 +116,9 @@ def user_create(auth, username, firstname, lastname, mail, password,
     from yunohost.hook import hook_callback
     from yunohost.app import app_ssowatconf
 
+    # Ensure sufficiently complex password
+    _check_password(password)
+
     # Validate uniqueness of username and mail in LDAP
     auth.validate_uniqueness({
         'uid'       : username,
@@ -291,6 +300,9 @@ def user_update(auth, username, firstname=None, lastname=None, mail=None,
         new_attr_dict['cn'] = new_attr_dict['displayName'] = firstname + ' ' + lastname
 
     if change_password:
+        # Ensure sufficiently complex password
+        _check_password(change_password)
+
         char_set = string.ascii_uppercase + string.digits
         salt = ''.join(random.sample(char_set,8))
         salt = '$1$' + salt + '$'