
Commit f2246f28 authored by Stephane Glondu's avatar Stephane Glondu

Ask for passwords twice

parent 58245e16
......@@ -235,6 +235,7 @@ type add_account_error =
| AddressTaken
| BadUsername
| BadPassword of string
| PasswordMismatch
let b58_digits = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
let prng = lazy (pseudo_rng (random_string secure_rng 16))
......
......@@ -116,6 +116,7 @@ type add_account_error =
| AddressTaken
| BadUsername
| BadPassword of string
| PasswordMismatch
val generate_token : ?length:int -> unit -> string Lwt.t
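Review bot: The added `PasswordMismatch` constructor differs from its neighbours in that it is produced by the web handler itself (the two form fields are compared before `add_account` is ever called) rather than by the account backend, and nothing in this interface says so; a doc comment would save the next reader a lookup: `(** The two password fields of the signup form differ; the backend was not called. *)`. The enclosing `type add_account_error` declaration starts above the hunk.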
......
......@@ -118,8 +118,8 @@ let signup_captcha_post = create_attached_post ~fallback:signup_captcha ~post_pa
let signup_captcha_img = create ~path:(Path ["signup"; "captcha"]) ~meth:(Get (string "challenge")) ()
let signup_login = create ~path:(Path ["signup"; "login"]) ~meth:(Get (string "token")) ()
let signup = create ~path:(Path ["signup"; "account"]) ~meth:(Get unit) ()
let signup_post = create_attached_post ~fallback:signup ~post_params:(string "username" ** string "password") ()
let signup_post = create_attached_post ~fallback:signup ~post_params:(string "username" ** string "password" ** string "password2") ()
let changepw_captcha = create ~path:(Path ["signup"; "changepw"]) ~meth:(Get (string "service")) ()
let changepw_captcha_post = create_attached_post ~fallback:changepw_captcha ~post_params:(string "challenge" ** string "response" ** string "email" ** string "username") ()
let changepw_post = create_attached_post ~fallback:signup ~post_params:(string "password") ()
let changepw_post = create_attached_post ~fallback:signup ~post_params:(string "password" ** string "password2") ()
......@@ -2207,41 +2207,39 @@ let () =
match%lwt Eliom_reference.get Web_state.signup_env with
| None -> forbidden ()
| Some (_, address, Web_signup.CreateAccount) -> T.signup address None ""
| Some (_, address, Web_signup.ChangePassword username) -> T.changepw ~username ~address
| Some (_, address, Web_signup.ChangePassword username) -> T.changepw ~username ~address None
)
let () =
Html.register ~service:signup_post
(fun () (username, password) ->
(fun () (username, (password, password2)) ->
match%lwt Eliom_reference.get Web_state.signup_env with
| Some (service, email, Web_signup.CreateAccount) ->
let user = { user_name = username; user_domain = service } in
(match%lwt Web_auth_password.add_account user ~password ~email with
| Ok () ->
let%lwt () = Eliom_reference.unset Web_state.signup_env in
T.generic_page ~title:"Account creation" ~service:admin "The account has been created." ()
| Error e -> T.signup email (Some e) username
)
if password = password2 then (
let user = { user_name = username; user_domain = service } in
match%lwt Web_auth_password.add_account user ~password ~email with
| Ok () ->
let%lwt () = Eliom_reference.unset Web_state.signup_env in
T.generic_page ~title:"Account creation" ~service:admin "The account has been created." ()
| Error e -> T.signup email (Some e) username
) else T.signup email (Some PasswordMismatch) username
| _ -> forbidden ()
)
let () =
Any.register ~service:changepw_post
(fun () password ->
Html.register ~service:changepw_post
(fun () (password, password2) ->
match%lwt Eliom_reference.get Web_state.signup_env with
| Some (service, _, Web_signup.ChangePassword username) ->
let user = { user_name = username; user_domain = service } in
(match%lwt Web_auth_password.change_password user ~password with
| Ok () ->
let%lwt () = Eliom_reference.unset Web_state.signup_env in
T.generic_page ~title:"Change password" ~service:admin
"The password has been changed." () >>= Html.send
| Error e ->
Printf.ksprintf
(fun x -> T.generic_page ~title:"Change password" ~service:signup x () >>= Html.send)
"The password is too weak (%s). Please try again with a different one"
e
)
| Some (service, address, Web_signup.ChangePassword username) ->
if password = password2 then (
let user = { user_name = username; user_domain = service } in
match%lwt Web_auth_password.change_password user ~password with
| Ok () ->
let%lwt () = Eliom_reference.unset Web_state.signup_env in
T.generic_page ~title:"Change password" ~service:admin
"The password has been changed." ()
| Error e -> T.changepw ~username ~address (Some (`WeakPassword e))
) else T.changepw ~username ~address (Some `PasswordMismatch)
| _ -> forbidden ()
)
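Review bot: The two new mismatch guards `if password = password2 then (` in the signup_post and changepw_post handlers use polymorphic `=` on strings; `if String.equal password password2 then (` states the intent and avoids the generic structural comparison. The guard-and-fallback shape is duplicated in both handlers, so a small helper taking the two passwords and the page to render on mismatch would keep them in step. The check runs before `Web_auth_password.add_account` and `change_password`, so no account or password is written when the copies differ, which is the right ordering.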
......
......@@ -2595,6 +2595,7 @@ let signup address error username =
| AddressTaken -> "there is already an account with this address"
| BadUsername -> "the username is invalid"
| BadPassword e -> Printf.sprintf "the password is too weak (%s)" e
| PasswordMismatch -> "the two passwords are not the same"
in
div [
pcdata "The account creation ";
......@@ -2606,7 +2607,7 @@ let signup address error username =
in
let form =
post_form ~service:signup_post
(fun (lusername, lpassword) ->
(fun (lusername, (lpassword, lpassword2)) ->
[
div [
pcdata "Your e-mail address is: ";
......@@ -2620,6 +2621,11 @@ let signup address error username =
input ~input_type:`Password ~name:lpassword string;
pcdata ".";
];
div[
pcdata "Type the password again: ";
input ~input_type:`Password ~name:lpassword2 string;
pcdata ".";
];
div [
input ~input_type:`Submit ~value:"Submit" string;
];
......@@ -2629,10 +2635,25 @@ let signup address error username =
let content = [error; form] in
base ~title:"Create an account" ~content ()
let changepw ~username ~address =
let changepw ~username ~address error =
let error = match error with
| None -> pcdata ""
| Some e ->
let reason = match e with
| `PasswordMismatch -> "the two passwords are not the same"
| `WeakPassword e -> Printf.sprintf "the new password is too weak (%s)" e
in
div [
pcdata "The change ";
span ~a:[a_style "color: red;"] [pcdata "failed"];
pcdata " because ";
pcdata reason;
pcdata ". Please try again with a different one.";
]
in
let form =
post_form ~service:changepw_post
(fun lpassword ->
(fun (lpassword, lpassword2) ->
[
div [
pcdata "Your username is: ";
......@@ -2646,13 +2667,18 @@ let changepw ~username ~address =
input ~input_type:`Password ~name:lpassword string;
pcdata ".";
];
div [
pcdata "Type the password again: ";
input ~input_type:`Password ~name:lpassword2 string;
pcdata ".";
];
div [
input ~input_type:`Submit ~value:"Submit" string;
];
]
) ()
in
let content = [form] in
let content = [error; form] in
base ~title:"Change password" ~content ()
let booth () =
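Review bot: In the new `changepw` error block the fixed suffix `pcdata ". Please try again with a different one."` is appended for both reasons, but for `` `PasswordMismatch `` the user does not need a different password, only two matching copies; folding the suffix into each `reason` string (e.g. `"the two passwords are not the same. Please type them again"` and `"the new password is too weak (%s). Please try again with a different one"`) gives a message that fits each case. The `signup` error text likely carries a similar fixed suffix, but its `div` continues outside the first hunk, so that part is inferred. Minor: the added `div[` in `signup` lacks the space that the neighbouring `div [` lines use.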
......
......@@ -77,7 +77,7 @@ val login_password : service:string -> allowsignups:bool -> [> `Html ] Eliom_con
val signup_captcha : service:string -> captcha_error option -> string -> string -> [> `Html ] Eliom_content.Html.F.elt Lwt.t
val signup_changepw : service:string -> captcha_error option -> string -> string -> string -> [> `Html ] Eliom_content.Html.F.elt Lwt.t
val signup : string -> add_account_error option -> string -> [> `Html ] Eliom_content.Html.F.elt Lwt.t
val changepw : username:string -> address:string -> [> `Html ] Eliom_content.Html.F.elt Lwt.t
val changepw : username:string -> address:string -> [`PasswordMismatch | `WeakPassword of string] option -> [> `Html ] Eliom_content.Html.F.elt Lwt.t
val booth : unit -> [> `Html ] Eliom_content.Html.F.elt Lwt.t
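Review bot: The new `changepw` signature inlines the closed polymorphic variant `[`PasswordMismatch | `WeakPassword of string]`, which must be kept in sync by hand with the constructors the implementation produces; a named alias such as `type changepw_error = [ `PasswordMismatch | `WeakPassword of string ]` declared in this interface, with `val changepw : username:string -> address:string -> changepw_error option -> [> `Html ] Eliom_content.Html.F.elt Lwt.t`, gives the pair one definition and a place for a doc comment.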
......