luci-mod-system: enforce password policy

Validation is performed if the password complies to password policy.

Signed-off-by: Christian Korber <ckorber@tdt.de>

Author: ckorber

modules/luci-mod-system/htdocs/luci-static/resources/tools/password.js

@@ -0,0 +1,32 @@
+'use strict';
+
+'require baseclass';
+'require uci';
+
+return baseclass.extend({
+	checkLength(p, required) {
+		let enough = p.length >= parseInt(required);
+
+		if (required && !enough)
+			return false;
+
+		return true;
+	},
+
+	checkDigits(p) {
+		let m = p.match(/\d/);
+
+		return m ? true : false;
+	},
+
+	checkUpperLower(p) {
+
+		return /[a-z]/.test(p) && /[A-Z]/.test(p);
+	},
+
+	checkSpecialChars(p) {
+		let m = p.match(/[^a-zA-Z0-9]/);
+
+		return m ? true : false;
+	}
+});

modules/luci-mod-system/htdocs/luci-static/resources/view/system/password.js

@@ -6,6 +6,7 @@
 'require uci';
 'require form';
 'require rpc';
+'require tools.password as pwtool';
 
 var formData = {
 	data: {
@@ -27,11 +28,18 @@ var callSetPassword = rpc.declare({
 
 return view.extend({
 	checkPassword: function(section_id, value) {
+		const uuid = '51af4ae847774aac863d4c94a9ba6d58';
+
 		var strength = document.querySelector('.cbi-value-description'),
 		    strongRegex = new RegExp("^(?=.{8,})(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*\\W).*$", "g"),
 		    mediumRegex = new RegExp("^(?=.{7,})(((?=.*[A-Z])(?=.*[a-z]))|((?=.*[A-Z])(?=.*[0-9]))|((?=.*[a-z])(?=.*[0-9]))).*$", "g"),
 		    enoughRegex = new RegExp("(?=.{6,}).*", "g");
 
+		const pw_length = uci.get('luci_plugins', uuid, 'pw_length');
+		const pw_digits = uci.get('luci_plugins', uuid, 'digits');
+		const pw_ul = uci.get('luci_plugins', uuid, 'uc_lc');
+		const special = uci.get('luci_plugins', uuid, 'special_characters');
+
 		if (strength && value.length) {
 			if (false == enoughRegex.test(value))
 				strength.innerHTML = '%s: <span style="color:red">%s</span>'.format(_('Password strength'), _('More Characters'));
@@ -43,14 +51,27 @@ return view.extend({
 				strength.innerHTML = '%s: <span style="color:red">%s</span>'.format(_('Password strength'), _('Weak'));
 		}
 
+		if (pw_length && !pwtool.checkLength(value, pw_length))
+			return _('Policy: min. length of %s characters').format(pw_length);
+
+		if (pw_digits && !pwtool.checkDigits(value))
+			return _('Policy: contain digits');
+
+		if (pw_ul && !pwtool.checkUpperLower(value))
+			return _('Policy: contain uppercase/lowercase');
+
+		if (special && !pwtool.checkSpecialChars(value))
+			return _('Policy: contain special characters');
+
 		return true;
 	},
 
 	load: function() {
 		return Promise.all([
 			L.resolveDefault(fs.stat('/usr/sbin/uhttpd'), null),
 			fs.lines('/etc/passwd'),
-			uci.load('rpcd')
+			uci.load('rpcd'),
+			uci.load('luci_plugins')
 		]);
 	},
 

modules/luci-mod-system/root/usr/share/rpcd/acl.d/luci-mod-system.json

@@ -10,7 +10,7 @@
 				"luci": [ "getLEDs", "getTimezones", "getUSBDevices", "getUnixtime" ],
 				"rc": [ "list" ]
 			},
-			"uci": [ "luci", "system", "rpcd" ]
+			"uci": [ "luci", "system", "rpcd", "luci_plugins" ]
 		},
 		"write": {
 			"file": {