trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sources/ldap: improve ms-ad password complexity checking 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-07-28 12:47:52 +02:00
parent 602aed674b
commit affafc31cf
1 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
authentik/sources/ldap/password.py
View File

@ -105,15 +105,17 @@ class LDAPPasswordChanger:
if len(user_attributes["sAMAccountName"]) >= 3: if len(user_attributes["sAMAccountName"]) >= 3:
if password.lower() in user_attributes["sAMAccountName"].lower(): if password.lower() in user_attributes["sAMAccountName"].lower():
return False return False
display_name_tokens = split( # No display name set, can't check any further
RE_DISPLAYNAME_SEPARATORS, user_attributes["displayName"] if len(user_attributes["displayName"]) < 1:
) return True
for token in display_name_tokens: for display_name in user_attributes["displayName"]:
# Ignore tokens under 3 chars display_name_tokens = split(RE_DISPLAYNAME_SEPARATORS, display_name)
if len(token) < 3: for token in display_name_tokens:
continue # Ignore tokens under 3 chars
if token.lower() in password.lower(): if len(token) < 3:
return False continue
if token.lower() in password.lower():
return False
return True return True
def ad_password_complexity( def ad_password_complexity(