diff --git a/authentik/policies/password/models.py b/authentik/policies/password/models.py
index fed63464f..97697136f 100644
--- a/authentik/policies/password/models.py
+++ b/authentik/policies/password/models.py
@@ -150,6 +150,8 @@ class PasswordPolicy(Policy):
         results = zxcvbn(password[:100], user_inputs)
         LOGGER.debug("password failed", check="zxcvbn", score=results["score"])
         result = PolicyResult(results["score"] > self.zxcvbn_score_threshold)
+        if not result.passing:
+            result.messages += tuple((_("Password is too weak."),))
         if isinstance(results["feedback"]["warning"], list):
             result.messages += tuple(results["feedback"]["warning"])
         if isinstance(results["feedback"]["suggestions"], list):
diff --git a/authentik/policies/password/tests/test_zxcvbn.py b/authentik/policies/password/tests/test_zxcvbn.py
index 7d03ba841..dc2f47c5c 100644
--- a/authentik/policies/password/tests/test_zxcvbn.py
+++ b/authentik/policies/password/tests/test_zxcvbn.py
@@ -28,13 +28,21 @@ class TestPasswordPolicyZxcvbn(TestCase):
         policy = PasswordPolicy.objects.create(
             check_zxcvbn=True,
             check_static_rules=False,
+            zxcvbn_score_threshold=3,
             name="test_false",
         )
         request = PolicyRequest(get_anonymous_user())
         request.context[PLAN_CONTEXT_PROMPT] = {"password": "password"}  # nosec
         result: PolicyResult = policy.passes(request)
         self.assertFalse(result.passing, result.messages)
-        self.assertEqual(result.messages[0], "Add another word or two. Uncommon words are better.")
+        self.assertEqual(result.messages[0], "Password is too weak.")
+        self.assertEqual(result.messages[1], "Add another word or two. Uncommon words are better.")
+
+        request.context[PLAN_CONTEXT_PROMPT] = {"password": "Awdccdw1234"}  # nosec
+        result: PolicyResult = policy.passes(request)
+        self.assertFalse(result.passing, result.messages)
+        self.assertEqual(result.messages[0], "Password is too weak.")
+        self.assertEqual(len(result.messages), 1)
 
     def test_true(self):
         """Positive password case"""
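Review bot: The second added line wraps an already-complete one-element tuple in a redundant `tuple()` call; the literal alone is clearer, `result.messages += (_("Password is too weak."),)`. The hunk does not show where `_` comes from; assuming it is Django's `gettext_lazy` as in the rest of the package, the message is a lazy proxy that compares equal to a plain `str`, so the new test assertions hold, but the import in this module is worth confirming. Since the pass condition on the preceding context line is a strict `>`, a short comment on the new branch would save the next reader a trip to the tests, e.g. `# fails unless the zxcvbn score strictly exceeds the configured threshold`. The enclosing method starts before and ends after this hunk.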
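Review bot: The final `self.assertEqual(len(result.messages), 1)` silently depends on zxcvbn producing neither a warning nor a suggestion for "Awdccdw1234", which nothing in the test states and which may change with a zxcvbn upgrade; a comment would make the intent explicit, e.g. `# zxcvbn gives no feedback for this password, so only the generic message must remain`. Both cases also pin zxcvbn's English feedback text verbatim, so a library bump will break this test rather than the policy; that is an accepted trade-off here, not a defect, but worth knowing when it fires. `test_false` begins before the hunk.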