passwords.go
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package plugin
import (
	"context"
	"fmt"
	"strings"

	"github.com/hashicorp/go-secure-stdlib/base62"
)
var (
	// pwdFieldTmpl is the placeholder inside a formatter string that
	// generateDeprecatedPassword swaps for the randomly generated characters.
	pwdFieldTmpl = "{{PASSWORD}}"

	// passwordComplexityPrefix is prepended to the random characters when no
	// formatter is configured. It is a fixed literal, so it adds length but no
	// randomness to the resulting password.
	// NOTE(review): it appears to exist so the result always contains a symbol,
	// a digit and an upper-case letter for complexity checks; confirm.
	passwordComplexityPrefix = "?@09AZ"

	// minimumLengthOfComplexString is the smallest acceptable count of random
	// characters.
	// Per https://en.wikipedia.org/wiki/Password_strength#Guidelines_for_strong_passwords
	// NOTE(review): nothing in this file reads it; presumably it is enforced by
	// passwordConf.validate, which is defined elsewhere; confirm.
	minimumLengthOfComplexString = 8
)
// passwordGenerator is the one capability GeneratePassword needs from its
// caller: producing a password under a named password policy.
type passwordGenerator interface {
	// GeneratePasswordFromPolicy returns a password generated according to the
	// policy called policyName, or an error if one cannot be produced.
	GeneratePasswordFromPolicy(ctx context.Context, policyName string) (string, error)
}
// GeneratePassword produces a password from the given password configuration.
//
// The configuration is validated first and any validation error is returned
// unchanged. When passConf.PasswordPolicy is set, generation is delegated to
// generator; generator must be non-nil in that case, because it is called
// without a nil check. Otherwise the deprecated formatter/length settings are
// used via generateDeprecatedPassword.
//
// NOTE(review): passwordConf.validate is defined elsewhere; this function relies
// on it to reject formatter/length combinations that would yield too few random
// characters. Confirm when changing either side.
func GeneratePassword(ctx context.Context, passConf passwordConf, generator passwordGenerator) (password string, err error) {
	if err = passConf.validate(); err != nil {
		return "", err
	}

	// A configured policy takes precedence over the deprecated settings.
	if policy := passConf.PasswordPolicy; policy != "" {
		return generator.GeneratePasswordFromPolicy(ctx, policy)
	}

	return generateDeprecatedPassword(passConf.Formatter, passConf.Length)
}
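// generateDeprecatedPassword builds a password from the deprecated
// formatter/length settings rather than from a password policy.
//
// With a formatter, the first pwdFieldTmpl placeholder is replaced by random
// base62 characters, sized so that the whole result is totalLength bytes long.
// Without one, the result is passwordComplexityPrefix followed by random base62
// characters, again totalLength bytes in total.
//
// An error is returned when the inputs would leave no random characters in the
// result (a formatter without the placeholder, or a totalLength too small for
// the fixed text), and when base62.Random itself fails.
//
// NOTE(review): only the first placeholder is substituted and lengthOfPassword
// subtracts a single placeholder, so a formatter with several placeholders
// yields a result that is not totalLength long. Presumably validation elsewhere
// rejects that; confirm.
func generateDeprecatedPassword(formatter string, totalLength int) (string, error) {
	if formatter == "" {
		// The prefix is a fixed literal; everything after it must be random.
		randomLen := totalLength - len(passwordComplexityPrefix)
		if randomLen <= 0 {
			// Defense in depth: GeneratePassword validates first, but this helper
			// must never hand back just the constant prefix if reached another way.
			return "", fmt.Errorf("length %d leaves no room for random characters after the %d character prefix", totalLength, len(passwordComplexityPrefix))
		}
		pwd, err := base62.Random(randomLen)
		if err != nil {
			return "", err
		}
		return passwordComplexityPrefix + pwd, nil
	}

	// Without the placeholder, strings.Replace would return the formatter
	// unchanged, i.e. a constant password with no random content.
	if !strings.Contains(formatter, pwdFieldTmpl) {
		return "", fmt.Errorf("formatter must contain %s", pwdFieldTmpl)
	}

	passLen := lengthOfPassword(formatter, totalLength)
	if passLen <= 0 {
		// The formatter's fixed text already uses up the whole length budget.
		return "", fmt.Errorf("length %d leaves no room for random characters in the formatter", totalLength)
	}
	pwd, err := base62.Random(passLen)
	if err != nil {
		return "", err
	}
	return strings.Replace(formatter, pwdFieldTmpl, pwd, 1), nil
}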
// lengthOfPassword reports how many random characters must replace the
// pwdFieldTmpl placeholder in formatter for the final string to be totalLength
// bytes long.
//
// It subtracts the formatter's fixed text (its length minus one placeholder)
// from totalLength. The result is not clamped: it is zero or negative when the
// fixed text alone reaches totalLength, so callers must check it before using
// it as a length. The arithmetic assumes the placeholder occurs exactly once.
func lengthOfPassword(formatter string, totalLength int) int {
	return totalLength - len(formatter) + len(pwdFieldTmpl)
}