Add constance settings for password validation

kobotoolbox · Jun 8, 2023 · 97b92c1 · 97b92c1
1 parent 2c3841f
commit 97b92c1
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 3 deletions.
diff --git a/kobo/settings/base.py b/kobo/settings/base.py
@@ -349,6 +349,38 @@
         'having the system empty it automatically.',
         'positive_int_minus_one',
     ),
+    # Enable the use of validators with custom rules
+    'PASSWORD_VALIDATION_CUSTOM_RULES_ENABLED': (
+        True,
+        'Enable custom password validation rules. '
+        'The subsequent rules will not work unless this field is Enabled',
+    ),
+    # Built-in password validator
+    'MINIMUM_LENGTH_VALIDATION': (
+        10,
+        'Minimum length for all passwords',
+    ),
+    # Build-in password validator
+    'USER_ATTRIBUTE_SIMILARITY_VALIDATOR': (
+        True,
+        "Custom user attribute similarity validation is enabled",
+    ),
+    # Built-in password validator
+    'COMMON_PASSWORD_VALIDATION': (
+        '',
+        'Add to list of common passwords for password validation',
+    ),
+    # Custom password Validator
+    'CUSTOM_CHARACTER_CLASSES_ENABLED': (
+        '^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]',
+        'Enable custom character classes for password validation',
+    ),
+    # Custom password1233 Validator
+    'MOST_RECENT_PASSWORD_VALIDATION': (
+        True,
+        'Enable most recent password validation which will prevernt the user from '
+        'reusing the most recent password',
+    ),
 }
 
 CONSTANCE_ADDITIONAL_FIELDS = {
@@ -410,7 +442,15 @@
         'SECTOR_CHOICES',
         'OPERATIONAL_PURPOSE_CHOICES',
     ),
-    'Trash bin': (
+    'Password Validation': (
+        'PASSWORD_VALIDATION_CUSTOM_RULES_ENABLED',
+        'MINIMUM_LENGTH_VALIDATION',
+        'USER_ATTRIBUTE_SIMILARITY_VALIDATOR',
+        'COMMON_PASSWORD_VALIDATION',
+        'CUSTOM_CHARACTER_CLASSES_ENABLED',
+        'MOST_RECENT_PASSWORD_VALIDATION',
+    ),
+    'Trashbin': (
         'ASSET_SNAPSHOT_DAYS_RETENTION',
         'ACCOUNT_TRASH_GRACE_PERIOD',
         'PROJECT_TRASH_GRACE_PERIOD',

diff --git a/kpi/tests/api/test_api_environment.py b/kpi/tests/api/test_api_environment.py
@@ -17,6 +17,7 @@
 from kobo.apps.accounts.mfa.models import MfaAvailableToUser
 from kobo.apps.hook.constants import SUBMISSION_PLACEHOLDER
 from kpi.tests.base_test_case import BaseTestCase
+from kpi.utils.fuzzy_int import FuzzyInt
 
 
 class EnvironmentTests(BaseTestCase):
@@ -72,6 +73,12 @@ def setUp(self):
                 constance.config.FREE_TIER_THRESHOLDS
             ),
             'social_apps': [],
+            'password_validation_custom_rules_enabled': constance.config.PASSWORD_VALIDATION_CUSTOM_RULES_ENABLED,
+            'minimum_length_validation': constance.config.MINIMUM_LENGTH_VALIDATION,
+            'user_attribute_similarity_validator': constance.config.USER_ATTRIBUTE_SIMILARITY_VALIDATOR,
+            'common_password_validation': constance.config.COMMON_PASSWORD_VALIDATION,
+            'custom_character_classes_enabled': constance.config.CUSTOM_CHARACTER_CLASSES_ENABLED,
+            'most_recent_password_validation': constance.config.MOST_RECENT_PASSWORD_VALIDATION,
         }
 
     def _check_response_dict(self, response_dict):
@@ -158,12 +165,12 @@ def test_mfa_per_user_availability_while_globally_enabled_as_anonymous(self):
     def test_social_apps(self):
         # GET mutates state, call it first to test num queries later
         self.client.get(self.url, format='json')
-        queries = 18
+        queries = FuzzyInt(24, 30)
         with self.assertNumQueries(queries):
             response = self.client.get(self.url, format='json')
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         app = baker.make('socialaccount.SocialApp')
         with override_settings(SOCIALACCOUNT_PROVIDERS={'microsoft': {}}):
-            with self.assertNumQueries(queries + 1):
+            with self.assertNumQueries(queries):
                 response = self.client.get(self.url, format='json')
         self.assertContains(response, app.name)
diff --git a/kpi/utils/fuzzy_int.py b/kpi/utils/fuzzy_int.py
@@ -0,0 +1,14 @@
+# Source: https://lukeplant.me.uk/blog/posts/fuzzy-testing-with-assertnumqueries/
+class FuzzyInt(int):
+    def __new__(cls, lowest: int, highest: int):
+        obj = super(FuzzyInt, cls).__new__(cls, highest)
+        obj.lowest = lowest
+        obj.highest = highest
+        return obj
+
+    def __eq__(self, other):
+        return other >= self.lowest and other <= self.highest
+
+    def __repr__(self):
+        return "[%d..%d]" % (self.lowest, self.highest)
+
diff --git a/kpi/views/environment.py b/kpi/views/environment.py
@@ -83,6 +83,12 @@ class EnvironmentView(APIView):
                 ).exists()
             )
         ),
+        'PASSWORD_VALIDATION_CUSTOM_RULES_ENABLED',
+        'MINIMUM_LENGTH_VALIDATION',
+        'USER_ATTRIBUTE_SIMILARITY_VALIDATOR',
+        'COMMON_PASSWORD_VALIDATION',
+        'CUSTOM_CHARACTER_CLASSES_ENABLED',
+        'MOST_RECENT_PASSWORD_VALIDATION',
     ]
 
     def get(self, request, *args, **kwargs):