cutelyst  4.4.0
A C++ Web Framework built on top of Qt, using the simple approach of Catalyst (Perl) framework.
validatorpwquality.cpp
1 /*
2  * SPDX-FileCopyrightText: (C) 2018-2023 Matthias Fehring <mf@huessenbergnetz.de>
3  * SPDX-License-Identifier: BSD-3-Clause
4  */
5 
6 #include "validatorpwquality_p.h"
7 
8 #include <pwquality.h>
9 
10 #include <QLoggingCategory>
11 
12 using namespace Cutelyst;
13 
14 ValidatorPwQuality::ValidatorPwQuality(const QString &field,
15  int threshold,
16  const QVariant &options,
17  const QString &userName,
18  const QString &oldPassword,
19  const ValidatorMessages &messages)
20  : ValidatorRule(*new ValidatorPwQualityPrivate(field,
21  threshold,
22  options,
23  userName,
24  oldPassword,
25  messages))
26 {
27 }
28 
29 ValidatorPwQuality::~ValidatorPwQuality() = default;
30 
31 int ValidatorPwQuality::validate(const QString &value,
32  const QVariant &options,
33  const QString &oldPassword,
34  const QString &user)
35 {
36  int rv = 0;
37 
38  if (!value.isEmpty()) {
39 
40  pwquality_settings_t *pwq = pwquality_default_settings();
41  if (pwq) {
42 
43  bool optionsSet = false;
44  if (options.isValid()) {
45  if (options.typeId() == QMetaType::QVariantMap) {
46  const QVariantMap map = options.toMap();
47  if (!map.empty()) {
48  auto i = map.constBegin();
49  while (i != map.constEnd()) {
50  const QString opt = i.key() + QLatin1Char('=') + i.value().toString();
51  const int orv = pwquality_set_option(pwq, opt.toUtf8().constData());
52  if (orv != 0) {
53  QList<char> buf(ValidatorPwQualityPrivate::errStrBufSize);
54  qCWarning(C_VALIDATOR).noquote().nospace()
55  << "ValidatorPwQuality: Failed to set pwquality option " << opt
56  << ": "
57  << pwquality_strerror(buf.data(), buf.size(), orv, nullptr);
58  }
59  ++i;
60  }
61  optionsSet = true;
62  }
63  } else if (options.typeId() == QMetaType::QString) {
64  const QString configFile = options.toString();
65  if (!configFile.isEmpty()) {
66  if (C_VALIDATOR().isWarningEnabled()) {
67  void *auxerror = nullptr;
68  const int rcrv = pwquality_read_config(
69  pwq, configFile.toUtf8().constData(), &auxerror);
70  if (rcrv != 0) {
71  QList<char> buf(ValidatorPwQualityPrivate::errStrBufSize);
72  qCWarning(C_VALIDATOR).noquote().nospace()
73  << "ValidatorPwQuality: Failed to read configuration file "
74  << configFile << ": "
75  << pwquality_strerror(buf.data(), buf.size(), rcrv, auxerror);
76  }
77  } else {
78  pwquality_read_config(pwq, configFile.toUtf8().constData(), nullptr);
79  }
80  optionsSet = true;
81  }
82  }
83  }
84 
85  if (!optionsSet) {
86  if (C_VALIDATOR().isWarningEnabled()) {
87  void *auxerror = nullptr;
88  const int rcrv = pwquality_read_config(pwq, nullptr, &auxerror);
89  if (rcrv != 0) {
90  QList<char> buf(ValidatorPwQualityPrivate::errStrBufSize);
91  qCWarning(C_VALIDATOR).noquote()
92  << "VaidatorPwQuality: Failed to read default configuration file:"
93  << pwquality_strerror(buf.data(), buf.size(), rcrv, auxerror);
94  }
95  } else {
96  pwquality_read_config(pwq, nullptr, nullptr);
97  }
98  }
99 
100  const QByteArray pwba = value.toUtf8();
101  const char *pw = pwba.constData();
102  const QByteArray opwba = oldPassword.toUtf8();
103  const char *opw = opwba.isEmpty() ? nullptr : opwba.constData();
104  const QByteArray uba = user.toUtf8();
105  const char *u = uba.isEmpty() ? nullptr : uba.constData();
106 
107  rv = pwquality_check(pwq, pw, opw, u, nullptr);
108 
109  pwquality_free_settings(pwq);
110 
111  } else {
112  rv = PWQ_ERROR_MEM_ALLOC;
113  }
114  } else {
115  rv = PWQ_ERROR_EMPTY_PASSWORD;
116  }
117 
118  return rv;
119 }
120 
121 QString ValidatorPwQuality::errorString(Context *c,
122  int returnValue,
123  const QString &label,
124  int threshold)
125 {
126  if (label.isEmpty()) {
127  switch (returnValue) {
128  case PWQ_ERROR_MEM_ALLOC:
129  //% "Password quality check failed because of a memory allocation error."
130  return c->qtTrId("cutelyst-valpwq-err-memalloc");
131  case PWQ_ERROR_SAME_PASSWORD:
132  //% "The password is the same as the old one."
133  return c->qtTrId("cutelyst-valpwq-err-samepass");
134  case PWQ_ERROR_PALINDROME:
135  //% "The password is a palindrome."
136  return c->qtTrId("cutelyst-valpwq-err-palindrome");
137  case PWQ_ERROR_CASE_CHANGES_ONLY:
138  //% "The password differs with case changes only from the old one."
139  return c->qtTrId("cutelyst-valpwq-err-casechangesonly");
140  case PWQ_ERROR_TOO_SIMILAR:
141  //% "The password is too similar to the old one."
142  return c->qtTrId("cutelyst-valpwq-err-toosimilar");
143  case PWQ_ERROR_USER_CHECK:
144  //% "The password contains the user name in some form."
145  return c->qtTrId("cutelyst-valpwq-err-usercheck");
146  case PWQ_ERROR_GECOS_CHECK:
147  //% "The password contains words from the real name of the user in some form."
148  return c->qtTrId("cutelyst-valpwq-err-gecoscheck");
149  case PWQ_ERROR_BAD_WORDS:
150  //% "The password contains forbidden words in some form."
151  return c->qtTrId("cutelyst-valpwq-err-badwords");
152  case PWQ_ERROR_MIN_DIGITS:
153  //% "The password does not contain enough digits."
154  return c->qtTrId("cutelyst-valpwq-err-mindigits");
155  case PWQ_ERROR_MIN_UPPERS:
156  //% "The password does not contain enough uppercase letters."
157  return c->qtTrId("cutelyst-valpwq-err-minuppers");
158  case PWQ_ERROR_MIN_LOWERS:
159  //% "The password does not contain enough lowercase letters."
160  return c->qtTrId("cutelyst-valpwq-err-minlowers");
161  case PWQ_ERROR_MIN_OTHERS:
162  //% "The password does not contain enough non-alphanumeric characters."
163  return c->qtTrId("cutelyst-valpwq-err-minothers");
164  case PWQ_ERROR_MIN_LENGTH:
165  //% "The password is too short."
166  return c->qtTrId("cutelyst-valpwq-err-minlength");
167  case PWQ_ERROR_ROTATED:
168  //% "The password is just the rotated old one."
169  return c->qtTrId("cutelyst-valpwq-err-rotated");
170  case PWQ_ERROR_MIN_CLASSES:
171  //% "The password does not contain enough different character types."
172  return c->qtTrId("cutelyst-valpwq-err-minclasses");
173  case PWQ_ERROR_MAX_CONSECUTIVE:
174  //% "The password contains too many same characters consecutively."
175  return c->qtTrId("cutelyst-valpwq-err-maxconsecutive");
176  case PWQ_ERROR_MAX_CLASS_REPEAT:
177  //% "The password contains too many characters of the same type consecutively."
178  return c->qtTrId("cutelyst-valpwq-err-maxclassrepeat");
179  case PWQ_ERROR_MAX_SEQUENCE:
180  //% "The password contains too long a monotonous string."
181  return c->qtTrId("cutelyst-valpwq-err-maxsequence");
182  case PWQ_ERROR_EMPTY_PASSWORD:
183  //% "No password supplied."
184  return c->qtTrId("cutelyst-valpwq-err-emptypw");
185  case PWQ_ERROR_RNG:
186  //% "Password quality check failed because we cannot obtain random "
187  //% "numbers from the RNG device."
188  return c->qtTrId("cutelyst-valpwq-err-rng");
189  case PWQ_ERROR_CRACKLIB_CHECK:
190  //% "The password fails the dictionary check."
191  return c->qtTrId("cutelyst-valpwq-err-cracklibcheck");
192  case PWQ_ERROR_UNKNOWN_SETTING:
193  //% "Password quality check failed because of an unknown setting."
194  return c->qtTrId("cutelyst-valpwq-err-unknownsetting");
195  case PWQ_ERROR_INTEGER:
196  //% "Password quality check failed because of a bad integer value in the settings."
197  return c->qtTrId("cutelyst-valpwq-err-integer");
198  case PWQ_ERROR_NON_INT_SETTING:
199  //% "Password quality check failed because of a settings entry is not "
200  //% "of integer type."
201  return c->qtTrId("cutelyst-valpwq-err-nonintsetting");
202  case PWQ_ERROR_NON_STR_SETTING:
203  //% "Password quality check failed because of a settings entry is not of string type."
204  return c->qtTrId("cutelyst-valpwq-err-nonstrsetting");
205  case PWQ_ERROR_CFGFILE_OPEN:
206  //% "Password quality check failed because opening the configuration file failed."
207  return c->qtTrId("cutelyst-valpwq-err-cfgfileopen");
208  case PWQ_ERROR_CFGFILE_MALFORMED:
209  //% "Password quality check failed because the configuration file is malformed."
210  return c->qtTrId("cutelyst-valpwq-err-cfgfilemalformed");
211  case PWQ_ERROR_FATAL_FAILURE:
212  //% "Password quality check failed because of a fatal failure."
213  return c->qtTrId("cutelyst-valpwq-err-fatalfailure");
214  default:
215  {
216  if (returnValue < 0) {
217  //% "Password quality check failed because of an unknown error."
218  return c->qtTrId("cutelyst-valpwq-err-unknown");
219  } else {
220  if (returnValue < threshold) {
221  //% "The password quality score of %1 is below the threshold of %2."
222  return c->qtTrId("cutelyst-valpwq-err-belowthreshold")
223  .arg(QString::number(returnValue), QString::number(threshold));
224  } else {
225  return {};
226  }
227  }
228  }
229  }
230  } else {
231  switch (returnValue) {
232  case PWQ_ERROR_MEM_ALLOC:
233  //% "Password quality check for the “%1“ field failed because of a "
234  //% "memory allocation error."
235  return c->qtTrId("cutelyst-valpwq-err-memalloc-label").arg(label);
236  case PWQ_ERROR_SAME_PASSWORD:
237  //% "The password in the “%1” field is the same as the old one."
238  return c->qtTrId("cutelyst-valpwq-err-samepass-label").arg(label);
239  case PWQ_ERROR_PALINDROME:
240  //% "The password in the “%1” field is a palindrome."
241  return c->qtTrId("cutelyst-valpwq-err-palindrome-label").arg(label);
242  case PWQ_ERROR_CASE_CHANGES_ONLY:
243  //% "The password in the “%1” field differs with case changes only from the old one."
244  return c->qtTrId("cutelyst-valpwq-err-casechangesonly-label").arg(label);
245  case PWQ_ERROR_TOO_SIMILAR:
246  //% "The password in the “%1” field is too similar to the old one."
247  return c->qtTrId("cutelyst-valpwq-err-toosimilar-label").arg(label);
248  case PWQ_ERROR_USER_CHECK:
249  //% "The password in the “%1” field contains the user name in some form."
250  return c->qtTrId("cutelyst-valpwq-err-usercheck-label").arg(label);
251  case PWQ_ERROR_GECOS_CHECK:
252  //% "The password in the “%1” field contains words from the real name "
253  //% "of the user name in some form."
254  return c->qtTrId("cutelyst-valpwq-err-gecoscheck-label").arg(label);
255  case PWQ_ERROR_BAD_WORDS:
256  //% "The password in the “%1” field contains forbidden words in some form."
257  return c->qtTrId("cutelyst-valpwq-err-badwords-label").arg(label);
258  case PWQ_ERROR_MIN_DIGITS:
259  //% "The password in the “%1” field does not contain enough digits."
260  return c->qtTrId("cutelyst-valpwq-err-mindigits-label").arg(label);
261  case PWQ_ERROR_MIN_UPPERS:
262  //% "The password in the “%1” field does not contain enough uppercase letters."
263  return c->qtTrId("cutelyst-valpwq-err-minuppers-label").arg(label);
264  case PWQ_ERROR_MIN_LOWERS:
265  //% "The password in the “%1” field does not contain enough lowercase letters."
266  return c->qtTrId("cutelyst-valpwq-err-minlowers-label").arg(label);
267  case PWQ_ERROR_MIN_OTHERS:
268  //% "The password in the “%1” field does not contain enough non-alphanumeric "
269  //% "characters."
270  return c->qtTrId("cutelyst-valpwq-err-minothers-label").arg(label);
271  case PWQ_ERROR_MIN_LENGTH:
272  //% "The password in the “%1” field is too short."
273  return c->qtTrId("cutelyst-valpwq-err-minlength-label").arg(label);
274  case PWQ_ERROR_ROTATED:
275  //% "The password in the “%1” field is just the rotated old one."
276  return c->qtTrId("cutelyst-valpwq-err-rotated-label").arg(label);
277  case PWQ_ERROR_MIN_CLASSES:
278  //% "The password in the “%1” field does not contain enough character types."
279  return c->qtTrId("cutelyst-valpwq-err-minclasses-label").arg(label);
280  case PWQ_ERROR_MAX_CONSECUTIVE:
281  //% "The password in the “%1” field contains too many same characters "
282  //% "consecutively."
283  return c->qtTrId("cutelyst-valpwq-err-maxconsecutive-label").arg(label);
284  case PWQ_ERROR_MAX_CLASS_REPEAT:
285  //% "The password in the “%1” field contains too many characters of "
286  //% "the same type consecutively."
287  return c->qtTrId("cutelyst-valpwq-err-maxclassrepeat-label").arg(label);
288  case PWQ_ERROR_MAX_SEQUENCE:
289  //% "The password in the “%1” field contains contains too long a "
290  //% "monotonous string."
291  return c->qtTrId("cutelyst-valpwq-err-maxsequence-label").arg(label);
292  case PWQ_ERROR_EMPTY_PASSWORD:
293  //% "No password supplied in the “%1” field."
294  return c->qtTrId("cutelyst-valpwq-err-emptypw-label").arg(label);
295  case PWQ_ERROR_RNG:
296  //% "Password quality check for the “%1“ field failed because we "
297  //% "cannot obtain random numbers from the RNG device."
298  return c->qtTrId("cutelyst-valpwq-err-rng-label").arg(label);
299  case PWQ_ERROR_CRACKLIB_CHECK:
300  //% "The password in the “%1” field fails the dictionary check."
301  return c->qtTrId("cutelyst-valpwq-err-cracklibcheck-label").arg(label);
302  case PWQ_ERROR_UNKNOWN_SETTING:
303  //% "Password quality check for the “%1“ field failed because of an "
304  //% "unknown setting."
305  return c->qtTrId("cutelyst-valpwq-err-unknownsetting-label").arg(label);
306  case PWQ_ERROR_INTEGER:
307  //% "Password quality check for the “%1“ field failed because of a "
308  //% "bad integer value in the settings."
309  return c->qtTrId("cutelyst-valpwq-err-integer-label").arg(label);
310  case PWQ_ERROR_NON_INT_SETTING:
311  //% "Password quality check for the “%1“ field failed because of a "
312  //% "settings entry is not of integer type."
313  return c->qtTrId("cutelyst-valpwq-err-nonintsetting-label").arg(label);
314  case PWQ_ERROR_NON_STR_SETTING:
315  //% "Password quality check for the “%1“ field failed because of a "
316  //% "settings entry is not of string type."
317  return c->qtTrId("cutelyst-valpwq-err-nonstrsetting-label").arg(label);
318  case PWQ_ERROR_CFGFILE_OPEN:
319  //% "Password quality check for the “%1“ field failed because opening "
320  //% "the configuration file failed."
321  return c->qtTrId("cutelyst-valpwq-err-cfgfileopen-label").arg(label);
322  case PWQ_ERROR_CFGFILE_MALFORMED:
323  //% "Password quality check for the “%1“ field failed because the "
324  //% "configuration file is malformed."
325  return c->qtTrId("cutelyst-valpwq-err-cfgfilemalformed-label").arg(label);
326  case PWQ_ERROR_FATAL_FAILURE:
327  //% "Password quality check for the “%1“ field failed because of a fatal failure."
328  return c->qtTrId("cutelyst-valpwq-err-fatalfailure-label").arg(label);
329  default:
330  {
331  if (returnValue < 0) {
332  //% "Password quality check for the “%1” field failed because of "
333  //% "an unknown error."
334  return c->qtTrId("cutelyst-valpwq-err-unknown-label").arg(label);
335  } else {
336  if (returnValue < threshold) {
337  //% "The quality score of %1 for the password in the “%2” field "
338  //% "is below the threshold of %3."
339  return c->qtTrId("cutelyst-valpwq-err-belowthreshold-label")
340  .arg(QString::number(returnValue), QString::number(threshold));
341  } else {
342  return {};
343  }
344  }
345  }
346  }
347  }
348 }
349 
350 ValidatorReturnType ValidatorPwQuality::validate(Context *c, const ParamsMultiMap &params) const
351 {
352  ValidatorReturnType result;
353 
354  const QString v = value(params);
355 
356  if (!v.isEmpty()) {
357  Q_D(const ValidatorPwQuality);
358  QVariant opts;
359  if (d->options.isValid()) {
360  if (d->options.typeId() == QMetaType::QVariantMap) {
361  opts = d->options;
362  } else if (d->options.typeId() == QMetaType::QString) {
363  const QString optString = d->options.toString();
364  if (c->stash().contains(optString)) {
365  opts = c->stash(optString);
366  } else {
367  opts = d->options;
368  }
369  }
370  }
371  QString un;
372  if (!d->userName.isEmpty()) {
373  un = params.value(d->userName);
374  if (un.isEmpty()) {
375  un = c->stash(d->userName).toString();
376  }
377  }
378  QString opw;
379  if (!d->oldPassword.isEmpty()) {
380  opw = params.value(d->oldPassword);
381  if (opw.isEmpty()) {
382  opw = c->stash(d->oldPassword).toString();
383  }
384  }
385  int rv = validate(v, opts, opw, un);
386  if (rv < d->threshold) {
387  result.errorMessage = validationError(c, rv);
388  if (C_VALIDATOR().isDebugEnabled()) {
389  if (rv < 0) {
390  QList<char> buf(ValidatorPwQualityPrivate::errStrBufSize);
391  qCDebug(C_VALIDATOR).noquote()
392  << debugString(c)
393  << pwquality_strerror(buf.data(), buf.size(), rv, nullptr);
394  } else {
395  qCDebug(C_VALIDATOR).noquote() << debugString(c) << "The quality score" << rv
396  << "is below the threshold of" << d->threshold;
397  }
398  }
399  } else {
400  qCDebug(C_VALIDATOR).noquote()
401  << "ValidatorPwQuality: \"" << v << "\" got a quality score of" << rv;
402  result.value = v;
403  }
404  }
405 
406  return result;
407 }
408 
409 QString ValidatorPwQuality::genericValidationError(Context *c, const QVariant &errorData) const
410 {
411  Q_D(const ValidatorPwQuality);
412  return ValidatorPwQuality::errorString(c, errorData.toInt(), label(c), d->threshold);
413 }
Cutelyst::Context
The Cutelyst Context.
Definition: context.h:42
Cutelyst::Context::stash
void stash(const QVariantHash &unite)
Definition: context.cpp:562
Cutelyst::Context::qtTrId
QString qtTrId(const char *id, int n=-1) const
Definition: context.h:656
Cutelyst::ValidatorPwQuality
Validates an input field with libpwquality to check password quality.
Definition: validatorpwquality.h:58
Cutelyst::ValidatorPwQuality::errorString
static QString errorString(Context *c, int returnValue, const QString &label=QString(), int threshold=0)
Definition: validatorpwquality.cpp:121
Cutelyst::ValidatorPwQuality::genericValidationError
QString genericValidationError(Context *c, const QVariant &errorData) const override
Definition: validatorpwquality.cpp:409
Cutelyst::ValidatorPwQuality::ValidatorPwQuality
ValidatorPwQuality(const QString &field, int threshold=ValidatorPwQuality::defaultThreshold, const QVariant &options=QVariant(), const QString &userName=QString(), const QString &oldPassword=QString(), const ValidatorMessages &messages=ValidatorMessages())
Definition: validatorpwquality.cpp:14
Cutelyst::ValidatorRule
Base class for all validator rules.
Definition: validatorrule.h:304
Cutelyst::ValidatorRule::validationError
QString validationError(Context *c, const QVariant &errorData={}) const
Definition: validatorrule.cpp:61
Cutelyst::ValidatorRule::label
QString label(Context *c) const
Definition: validatorrule.cpp:49
Cutelyst::ValidatorRule::value
QString value(const ParamsMultiMap &params) const
Definition: validatorrule.cpp:34
Cutelyst::ValidatorRule::debugString
QString debugString(Context *c) const
Definition: validatorrule.cpp:157
Cutelyst::ValidatorPwQuality::validate
static int validate(const QString &value, const QVariant &options=QVariant(), const QString &oldPassword=QString(), const QString &user=QString())
Returns the password quality score for value.
Definition: validatorpwquality.cpp:31
Cutelyst
The Cutelyst namespace holds all public Cutelyst API.
Definition: group-core-actions.dox:1
QByteArray::constData
const char * constData() const const
QByteArray::isEmpty
bool isEmpty() const const
QList::data
QList::pointer data()
QList::size
qsizetype size() const const
QMultiMap::value
T value(const Key &key, const T &defaultValue) const const
QString::arg
QString arg(Args &&... args) const const
QString::isEmpty
bool isEmpty() const const
QString::number
QString number(double n, char format, int precision)
QString::toUtf8
QByteArray toUtf8() const const
QVariant::isValid
bool isValid() const const
QVariant::toInt
int toInt(bool *ok) const const
QVariant::toMap
QMap< QString, QVariant > toMap() const const
QVariant::toString
QString toString() const const
QVariant::typeId
int typeId() const const
Cutelyst::ValidatorMessages
Stores custom error messages and the input field label.
Definition: validatorrule.h:142
Cutelyst::ValidatorReturnType
Contains the result of a single input parameter validation.
Definition: validatorrule.h:49