merge branch adamg-tooManyLoginFailures

zopefoundation · Jan 29, 2010 · ceeb226 · ceeb226
1 parent 28f451e
commit ceeb226
Show file tree

Hide file tree

Showing 13 changed files with 779 additions and 186 deletions.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -5,7 +5,12 @@ CHANGES
 0.8.0 (unreleased)
 ------------------
 
-- ...
+- Feature: ``failedAttemptCheck``
+  * increment failedAttempts on all/any request (this is the default)
+  * increment failedAttempts only on non-resource requests
+  * increment failedAttempts only on POST requests
+
+- Feature: more specific exceptions on new password verification.
 
 0.7.4 (2009-12-22)
 ------------------

diff --git a/setup.py b/setup.py
@@ -64,6 +64,7 @@ def read(*rnames):
         'zope.i18nmessageid',
         'zope.interface',
         'zope.schema',
+        'zope.security',
         ],
     zip_safe = False,
 )
diff --git a/src/z3c/password/README.txt b/src/z3c/password/README.txt
@@ -167,12 +167,12 @@ We want to have at least 5 lowercase letters in the password:
   >>> pwd.verify('FOOBAR123')
   Traceback (most recent call last):
   ...
-  TooFewGroupCharacters
+  TooFewGroupCharactersLowerLetter
 
   >>> pwd.verify('foobAR123')
   Traceback (most recent call last):
   ...
-  TooFewGroupCharacters
+  TooFewGroupCharactersLowerLetter
 
   >>> pwd.verify('foobaR123')
 
@@ -191,12 +191,12 @@ We want to have at least 5 uppercase letters in the password:
   >>> pwd.verify('foobar123')
   Traceback (most recent call last):
   ...
-  TooFewGroupCharacters
+  TooFewGroupCharactersUpperLetter
 
   >>> pwd.verify('FOOBar123')
   Traceback (most recent call last):
   ...
-  TooFewGroupCharacters
+  TooFewGroupCharactersUpperLetter
 
   >>> pwd.verify('fOOBAR123')
 
@@ -215,12 +215,12 @@ We want to have at least 5 digits in the password:
   >>> pwd.verify('foobar123')
   Traceback (most recent call last):
   ...
-  TooFewGroupCharacters
+  TooFewGroupCharactersDigits
 
   >>> pwd.verify('FOOBa1234')
   Traceback (most recent call last):
   ...
-  TooFewGroupCharacters
+  TooFewGroupCharactersDigits
 
   >>> pwd.verify('fOBA12345')
 
@@ -239,12 +239,12 @@ We want to have at least 5 specials in the password:
   >>> pwd.verify('foo(bar)')
   Traceback (most recent call last):
   ...
-  TooFewGroupCharacters
+  TooFewGroupCharactersSpecials
 
   >>> pwd.verify('FO.#(Ba1)')
   Traceback (most recent call last):
   ...
-  TooFewGroupCharacters
+  TooFewGroupCharactersSpecials
 
   >>> pwd.verify('fO.,;()5')
 
@@ -262,12 +262,12 @@ We want to have at least 5 others in the password:
   >>> pwd.verify('foobar'+unichr(0x0c3)+unichr(0x0c4))
   Traceback (most recent call last):
   ...
-  TooFewGroupCharacters
+  TooFewGroupCharactersOthers
 
   >>> pwd.verify('foobar'+unichr(0x0c3)+unichr(0x0c4)+unichr(0x0e1))
   Traceback (most recent call last):
   ...
-  TooFewGroupCharacters
+  TooFewGroupCharactersOthers
 
   >>> pwd.verify('fOO'+unichr(0x0e1)*5)
 

diff --git a/src/z3c/password/interfaces.py b/src/z3c/password/interfaces.py
@@ -43,6 +43,25 @@ class TooManyGroupCharacters(InvalidPassword):
 class TooFewGroupCharacters(InvalidPassword):
     __doc__ = _('''Password does not contain enough characters of one group.''')
 
+class TooFewGroupCharactersLowerLetter(TooFewGroupCharacters):
+    __doc__ = _(
+        '''Password does not contain enough characters of lowercase letters.''')
+
+class TooFewGroupCharactersUpperLetter(TooFewGroupCharacters):
+    __doc__ = _(
+        '''Password does not contain enough characters of uppercase letters.''')
+
+class TooFewGroupCharactersDigits(TooFewGroupCharacters):
+    __doc__ = _('''Password does not contain enough characters of digits.''')
+
+class TooFewGroupCharactersSpecials(TooFewGroupCharacters):
+    __doc__ = _(
+        '''Password does not contain enough characters of special characters.''')
+
+class TooFewGroupCharactersOthers(TooFewGroupCharacters):
+    __doc__ = _(
+        '''Password does not contain enough characters of other characters.''')
+
 class TooFewUniqueCharacters(InvalidPassword):
     __doc__ = _('''Password does not contain enough unique characters.''')
 
@@ -70,6 +89,10 @@ def __init__(self, principal):
         self.principal = principal
         Exception.__init__(self, self.__doc__)
 
+TML_CHECK_ALL = None
+TML_CHECK_NONRESOURCE = 'nonres'
+TML_CHECK_POSTONLY = 'post'
+
 class AccountLocked(Exception):
     __doc__ = _('The account is locked, because the password was '
                 'entered incorrectly too often.')
@@ -302,6 +325,14 @@ class IPasswordOptionsUtility(zope.interface.Interface):
         required=False,
         default=None)
 
+    failedAttemptCheck = zope.schema.Choice(
+        title=_(u'Failed password check method'),
+        description=_(u'Failed password check method. '
+                      'All requests, non-reqource requests, POST requests.'),
+        required=False,
+        values=[TML_CHECK_ALL, TML_CHECK_NONRESOURCE, TML_CHECK_POSTONLY],
+        default=TML_CHECK_ALL )
+
     disallowPasswordReuse = zope.schema.Bool(
         title=_(u'Disallow Password Reuse'),
         description=_(u'Do not allow to set a previously set password again.'),

diff --git a/src/z3c/password/locales/de/LC_MESSAGES/z3c.password.mo b/src/z3c/password/locales/de/LC_MESSAGES/z3c.password.mo