initialize filters eary on
parent
bc5949a86c
commit
5147d46825
6 changed files with 50 additions and 28 deletions
|
@ -1,9 +1,13 @@
|
||||||
//! Credential processor and configuration
|
//! Credential processor and configuration
|
||||||
use derive_builder::Builder;
|
use derive_builder::Builder;
|
||||||
|
use lazy_static::initialize;
|
||||||
use validator::Validate;
|
use validator::Validate;
|
||||||
|
|
||||||
use crate::errors::*;
|
use crate::errors::*;
|
||||||
use crate::filters::{beep, filter, forbidden};
|
use crate::filters::{beep, filter, forbidden};
|
||||||
|
use crate::filters::{
|
||||||
|
blacklist::RE_BLACKLIST, profainity::RE_PROFAINITY, user_case_mapped::RE_USERNAME_CASE_MAPPED,
|
||||||
|
};
|
||||||
|
|
||||||
/// Credential management configuration
|
/// Credential management configuration
|
||||||
#[derive(Clone, Builder)]
|
#[derive(Clone, Builder)]
|
||||||
|
@ -139,6 +143,23 @@ impl Config {
|
||||||
let status = argon2::verify_encoded(hash, password.as_bytes())?;
|
let status = argon2::verify_encoded(hash, password.as_bytes())?;
|
||||||
Ok(status)
|
Ok(status)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Initialize filters accoding to configuration.
|
||||||
|
///
|
||||||
|
/// Filters are lazy initialized so there's a slight delay during the very first use of
|
||||||
|
/// filter. By calling this method during the early stages of program execution,
|
||||||
|
/// that delay can be avoided.
|
||||||
|
pub fn init(&self) {
|
||||||
|
if self.username_case_mapped {
|
||||||
|
initialize(&RE_USERNAME_CASE_MAPPED);
|
||||||
|
}
|
||||||
|
if self.blacklist {
|
||||||
|
initialize(&RE_BLACKLIST);
|
||||||
|
}
|
||||||
|
if self.profanity {
|
||||||
|
initialize(&RE_PROFAINITY);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
|
@ -175,14 +196,16 @@ mod tests {
|
||||||
.password_policy(PasswordPolicy::default())
|
.password_policy(PasswordPolicy::default())
|
||||||
.build()
|
.build()
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
config.init();
|
||||||
|
|
||||||
assert_eq!(config.email("sdfasdf".into()), Err(CredsError::NotAnEmail));
|
assert_eq!(config.email("sdfasdf"), Err(CredsError::NotAnEmail));
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn utils_create_new_organisation() {
|
fn utils_create_new_organisation() {
|
||||||
let password = "somepassword";
|
let password = "somepassword";
|
||||||
let config = Config::default();
|
let config = Config::default();
|
||||||
|
config.init();
|
||||||
|
|
||||||
config.email("batman@we.net").unwrap();
|
config.email("batman@we.net").unwrap();
|
||||||
let username = config.username("Realaravinth").unwrap();
|
let username = config.username("Realaravinth").unwrap();
|
||||||
|
@ -202,6 +225,7 @@ mod tests {
|
||||||
.password_policy(PasswordPolicy::default())
|
.password_policy(PasswordPolicy::default())
|
||||||
.build()
|
.build()
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
config.init();
|
||||||
|
|
||||||
let username_err = config.username("fuck");
|
let username_err = config.username("fuck");
|
||||||
|
|
||||||
|
@ -211,6 +235,7 @@ mod tests {
|
||||||
#[test]
|
#[test]
|
||||||
fn utils_create_new_forbidden_organisation() {
|
fn utils_create_new_forbidden_organisation() {
|
||||||
let config = Config::default();
|
let config = Config::default();
|
||||||
|
config.init();
|
||||||
let forbidden_err = config.username(".htaccess");
|
let forbidden_err = config.username(".htaccess");
|
||||||
|
|
||||||
assert_eq!(forbidden_err, Err(CredsError::BlacklistError));
|
assert_eq!(forbidden_err, Err(CredsError::BlacklistError));
|
||||||
|
@ -232,6 +257,7 @@ mod tests {
|
||||||
)
|
)
|
||||||
.build()
|
.build()
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
config.init();
|
||||||
|
|
||||||
let too_short_err = config.password("a");
|
let too_short_err = config.password("a");
|
||||||
let too_long_err = config.password("asdfasdfasdf");
|
let too_long_err = config.password("asdfasdfasdf");
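Review bot: The doc comment on the new `Config::init` (hunk `-139,6 +143,23`) does not say that the call can panic. `initialize(&RE_BLACKLIST)` forces `Regex::new(BLACKLIST).expect(...)` to run, so a pattern that fails to compile aborts at `init` rather than on the first `forbidden()` call. Failing fast is the right behaviour for a credential filter, but it should be documented, e.g. a `/// # Panics` section reading `/// Panics if the regex of an enabled filter fails to compile.` The other two statics live in files whose diff is suppressed on this page, so confirm they also use `expect` before wording it that way. The summary line also has a typo, `accoding` for `according`, and could state that filters disabled in the configuration are left uninitialised.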
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
use crate::errors::{CredsError, CredsResult};
|
use crate::errors::{CredsError, CredsResult};
|
||||||
use lazy_static::lazy_static;
|
use lazy_static::lazy_static;
|
||||||
use regex::Regex;
|
use regex::Regex;
|
||||||
|
const BLACKLIST: &str = r"^(.htaccess|.htpasswd|.well-known|400|401|403|404|405|406|407|408|409|410|411|412|413|414|415|416|417|421|422|423|424|426|428|429|431|500|501|502|503|504|505|506|507|508|509|510|511|_domainkey|about|about-us|abuse|access|account|accounts|ad|add|admin|administration|administrator|ads|ads.txt|advertise|advertising|aes128-ctr|aes128-gcm|aes192-ctr|aes256-ctr|aes256-gcm|affiliate|affiliates|ajax|alert|alerts|alpha|amp|analytics|api|app|app-ads.txt|apps|asc|assets|atom|auth|authentication|authorize|autoconfig|autodiscover|avatar|backup|banner|banners|bbs|beta|billing|billings|blog|blogs|board|bookmark|bookmarks|broadcasthost|business|buy|cache|calendar|campaign|captcha|careers|cart|cas|categories|category|cdn|cgi|cgi-bin|chacha20-poly1305|change|channel|channels|chart|chat|checkout|clear|client|close|cloud|cms|com|comment|comments|community|compare|compose|config|connect|contact|contest|cookies|copy|copyright|count|cp|cpanel|create|crossdomain.xml|css|curve25519-sha256|customer|customers|customize|dashboard|db|deals|debug|delete|desc|destroy|dev|developer|developers|diffie-hellman-group-exchange-sha256|diffie-hellman-group14-sha1|disconnect|discuss|dns|dns0|dns1|dns2|dns3|dns4|docs|documentation|domain|download|downloads|downvote|draft|drop|ecdh-sha2-nistp256|ecdh-sha2-nistp384|ecdh-sha2-nistp521|edit|editor|email|enterprise|error|errors|event|events|example|exception|exit|explore|export|extensions|false|family|faq|faqs|favicon.ico|features|feed|feedback|feeds|file|files|filter|follow|follower|followers|following|fonts|forgot|forgot-password|forgotpassword|form|forms|forum|forums|friend|friends|ftp|get|git|go|graphql|group|groups|guest|guidelines|guides|head|header|help|hide|hmac-sha|hmac-sha1|hmac-sha1-etm|hmac-sha2-256|hmac-sha2-256-etm|hmac-sha2-512|hmac-sha2-512-etm|home|host|hosting|hostmaster|htpasswd|http|httpd|https|humans.txt|icons|images|imap|img|import|index|info|insert|investors|invitations|invite|invites|invoice|is|isatap|issues|it|
jobs|join|js|json|keybase.txt|learn|legal|license|licensing|like|limit|live|load|local|localdomain|localhost|lock|login|logout|lost-password|m|mail|mail0|mail1|mail2|mail3|mail4|mail5|mail6|mail7|mail8|mail9|mailer-daemon|mailerdaemon|map|marketing|marketplace|master|me|media|member|members|message|messages|metrics|mis|mobile|moderator|modify|more|mx|mx1|my|net|network|new|news|newsletter|newsletters|next|nil|no-reply|nobody|noc|none|noreply|notification|notifications|ns|ns0|ns1|ns2|ns3|ns4|ns5|ns6|ns7|ns8|ns9|null|oauth|oauth2|offer|offers|online|openid|order|orders|overview|owa|owner|page|pages|partners|passwd|password|pay|payment|payments|photo|photos|pixel|plans|plugins|policies|policy|pop|pop3|popular|portal|portfolio|post|postfix|postmaster|poweruser|preferences|premium|press|previous|pricing|print|privacy|privacy-policy|private|prod|product|production|profile|profiles|project|projects|public|purchase|put|quota|redirect|reduce|refund|refunds|register|registration|remove|replies|reply|report|request|request-password|reset|reset-password|response|return|returns|review|reviews|robots.txt|root|rootuser|rsa-sha2-2|rsa-sha2-512|rss|rules|sales|save|script|sdk|search|secure|security|select|services|session|sessions|settings|setup|share|shift|shop|signin|signup|site|sitemap|sites|smtp|sort|source|sql|ssh|ssh-rsa|ssl|ssladmin|ssladministrator|sslwebmaster|stage|staging|stat|static|statistics|stats|status|store|style|styles|stylesheet|stylesheets|subdomain|subscribe|sudo|super|superuser|support|survey|sync|sysadmin|system|tablet|tag|tags|team|telnet|terms|terms-of-use|test|testimonials|theme|themes|today|tools|topic|topics|tour|training|translate|translations|trending|trial|true|umac-128|umac-128-etm|umac-64|umac-64-etm|undefined|unfollow|unlike|unsubscribe|update|upgrade|usenet|user|username|users|uucp|var|verify|video|view|void|vote|vpn|webmail|webmaster|website|widget|widgets|wiki|wpad|write|www|www-data|www1|www2|www3|www4|you|yourname|yourusername|zlib)$";
|
||||||
|
|
||||||
|
lazy_static! {
|
||||||
|
pub static ref RE_BLACKLIST: Regex =
|
||||||
|
Regex::new(BLACKLIST).expect("coudln't setup blacklist filter");
|
||||||
|
}
|
||||||
|
|
||||||
pub fn forbidden(target: &str) -> CredsResult<()> {
|
pub fn forbidden(target: &str) -> CredsResult<()> {
|
||||||
static BLACKLIST: &'static str = r"^(.htaccess|.htpasswd|.well-known|400|401|403|404|405|406|407|408|409|410|411|412|413|414|415|416|417|421|422|423|424|426|428|429|431|500|501|502|503|504|505|506|507|508|509|510|511|_domainkey|about|about-us|abuse|access|account|accounts|ad|add|admin|administration|administrator|ads|ads.txt|advertise|advertising|aes128-ctr|aes128-gcm|aes192-ctr|aes256-ctr|aes256-gcm|affiliate|affiliates|ajax|alert|alerts|alpha|amp|analytics|api|app|app-ads.txt|apps|asc|assets|atom|auth|authentication|authorize|autoconfig|autodiscover|avatar|backup|banner|banners|bbs|beta|billing|billings|blog|blogs|board|bookmark|bookmarks|broadcasthost|business|buy|cache|calendar|campaign|captcha|careers|cart|cas|categories|category|cdn|cgi|cgi-bin|chacha20-poly1305|change|channel|channels|chart|chat|checkout|clear|client|close|cloud|cms|com|comment|comments|community|compare|compose|config|connect|contact|contest|cookies|copy|copyright|count|cp|cpanel|create|crossdomain.xml|css|curve25519-sha256|customer|customers|customize|dashboard|db|deals|debug|delete|desc|destroy|dev|developer|developers|diffie-hellman-group-exchange-sha256|diffie-hellman-group14-sha1|disconnect|discuss|dns|dns0|dns1|dns2|dns3|dns4|docs|documentation|domain|download|downloads|downvote|draft|drop|ecdh-sha2-nistp256|ecdh-sha2-nistp384|ecdh-sha2-nistp521|edit|editor|email|enterprise|error|errors|event|events|example|exception|exit|explore|export|extensions|false|family|faq|faqs|favicon.ico|features|feed|feedback|feeds|file|files|filter|follow|follower|followers|following|fonts|forgot|forgot-password|forgotpassword|form|forms|forum|forums|friend|friends|ftp|get|git|go|graphql|group|groups|guest|guidelines|guides|head|header|help|hide|hmac-sha|hmac-sha1|hmac-sha1-etm|hmac-sha2-256|hmac-sha2-256-etm|hmac-sha2-512|hmac-sha2-512-etm|home|host|hosting|hostmaster|htpasswd|http|httpd|https|humans.txt|icons|images|imap|img|import|index|info|insert|investors|invitations|invite|invites|invoice|is|isatap|i
ssues|it|jobs|join|js|json|keybase.txt|learn|legal|license|licensing|like|limit|live|load|local|localdomain|localhost|lock|login|logout|lost-password|m|mail|mail0|mail1|mail2|mail3|mail4|mail5|mail6|mail7|mail8|mail9|mailer-daemon|mailerdaemon|map|marketing|marketplace|master|me|media|member|members|message|messages|metrics|mis|mobile|moderator|modify|more|mx|mx1|my|net|network|new|news|newsletter|newsletters|next|nil|no-reply|nobody|noc|none|noreply|notification|notifications|ns|ns0|ns1|ns2|ns3|ns4|ns5|ns6|ns7|ns8|ns9|null|oauth|oauth2|offer|offers|online|openid|order|orders|overview|owa|owner|page|pages|partners|passwd|password|pay|payment|payments|photo|photos|pixel|plans|plugins|policies|policy|pop|pop3|popular|portal|portfolio|post|postfix|postmaster|poweruser|preferences|premium|press|previous|pricing|print|privacy|privacy-policy|private|prod|product|production|profile|profiles|project|projects|public|purchase|put|quota|redirect|reduce|refund|refunds|register|registration|remove|replies|reply|report|request|request-password|reset|reset-password|response|return|returns|review|reviews|robots.txt|root|rootuser|rsa-sha2-2|rsa-sha2-512|rss|rules|sales|save|script|sdk|search|secure|security|select|services|session|sessions|settings|setup|share|shift|shop|signin|signup|site|sitemap|sites|smtp|sort|source|sql|ssh|ssh-rsa|ssl|ssladmin|ssladministrator|sslwebmaster|stage|staging|stat|static|statistics|stats|status|store|style|styles|stylesheet|stylesheets|subdomain|subscribe|sudo|super|superuser|support|survey|sync|sysadmin|system|tablet|tag|tags|team|telnet|terms|terms-of-use|test|testimonials|theme|themes|today|tools|topic|topics|tour|training|translate|translations|trending|trial|true|umac-128|umac-128-etm|umac-64|umac-64-etm|undefined|unfollow|unlike|unsubscribe|update|upgrade|usenet|user|username|users|uucp|var|verify|video|view|void|vote|vpn|webmail|webmaster|website|widget|widgets|wiki|wpad|write|www|www-data|www1|www2|www3|www4|you|yourname|yourusername|zlib)$";
|
|
||||||
lazy_static! {
|
|
||||||
static ref RE_BLACKLIST: Regex =
|
|
||||||
Regex::new(BLACKLIST).expect("coudln't setup blacklist filter");
|
|
||||||
}
|
|
||||||
if RE_BLACKLIST.is_match(&target) {
|
if RE_BLACKLIST.is_match(&target) {
|
||||||
Err(CredsError::BlacklistError)
|
Err(CredsError::BlacklistError)
|
||||||
} else {
|
} else {
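Review bot: The `BLACKLIST` pattern that this hunk promotes to module scope still has unescaped dots and no case folding, so it does not match exactly the reserved names it lists. Entries such as `.htaccess`, `.well-known`, `ads.txt` and `robots.txt` treat `.` as "any character" and therefore reject more than the literal names. Mixed-case variants of reserved names such as `admin` or `root` are not matched unless the caller has already case-mapped the input; that ordering is not visible here, and the crate docs show `username_case_mapped(false)` as a supported setting. Escape the literal dots (`\.htaccess`, `robots\.txt`) and either prefix the pattern with `(?i)` or document on `forbidden` that the input must be normalised first. The body of `forbidden` continues past the end of this hunk.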
|
||||||
|
|
|
@ -15,9 +15,9 @@
|
||||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
mod blacklist;
|
pub(crate) mod blacklist;
|
||||||
mod profainity;
|
pub(crate) mod profainity;
|
||||||
mod user_case_mapped;
|
pub(crate) mod user_case_mapped;
|
||||||
|
|
||||||
pub use blacklist::forbidden;
|
pub use blacklist::forbidden;
|
||||||
pub use profainity::beep;
|
pub use profainity::beep;
|
||||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -8,8 +8,6 @@
|
||||||
//!
|
//!
|
||||||
//! ```rust
|
//! ```rust
|
||||||
//! use argon2_creds::Config;
|
//! use argon2_creds::Config;
|
||||||
//!
|
|
||||||
//! fn main() {
|
|
||||||
//! let config = Config::default();
|
//! let config = Config::default();
|
||||||
//!
|
//!
|
||||||
//! let password = "ironmansucks";
|
//! let password = "ironmansucks";
|
||||||
|
@ -26,7 +24,6 @@
|
||||||
//!
|
//!
|
||||||
//! assert_eq!(username, "realaravinth");
|
//! assert_eq!(username, "realaravinth");
|
||||||
//! assert!(Config::verify(&hash, password).unwrap(), "verify hahsing");
|
//! assert!(Config::verify(&hash, password).unwrap(), "verify hahsing");
|
||||||
//! }
|
|
||||||
//! ```
|
//! ```
|
||||||
//!
|
//!
|
||||||
//! 2. To gain fine-grained control over how credentials are managed, consider using
|
//! 2. To gain fine-grained control over how credentials are managed, consider using
|
||||||
|
@ -35,7 +32,6 @@
|
||||||
//!```rust
|
//!```rust
|
||||||
//! use argon2_creds::{ConfigBuilder, PasswordPolicy, Config};
|
//! use argon2_creds::{ConfigBuilder, PasswordPolicy, Config};
|
||||||
//!
|
//!
|
||||||
//! fn main() {
|
|
||||||
//! let config = ConfigBuilder::default()
|
//! let config = ConfigBuilder::default()
|
||||||
//! .username_case_mapped(false)
|
//! .username_case_mapped(false)
|
||||||
//! .profanity(true)
|
//! .profanity(true)
|
||||||
|
@ -58,7 +54,6 @@
|
||||||
//!
|
//!
|
||||||
//! assert_eq!(username, "realaravinth");
|
//! assert_eq!(username, "realaravinth");
|
||||||
//! assert!(Config::verify(&hash, password).unwrap(), "verify hahsing");
|
//! assert!(Config::verify(&hash, password).unwrap(), "verify hahsing");
|
||||||
//! }
|
|
||||||
//!```
|
//!```
|
||||||
//!
|
//!
|
||||||
//! ## Documentation & Community Resources
|
//! ## Documentation & Community Resources
|
||||||
|
|