initialize filters early on

Aravinth Manivannan 2021-06-13 13:22:36 +05:30
parent bc5949a86c
commit 5147d46825
Signed by: realaravinth
GPG key ID: AD9F0F08E855ED88
6 changed files with 50 additions and 28 deletions


@ -1,9 +1,13 @@
//! Credential processor and configuration //! Credential processor and configuration
use derive_builder::Builder; use derive_builder::Builder;
use lazy_static::initialize;
use validator::Validate; use validator::Validate;
use crate::errors::*; use crate::errors::*;
use crate::filters::{beep, filter, forbidden}; use crate::filters::{beep, filter, forbidden};
use crate::filters::{
blacklist::RE_BLACKLIST, profainity::RE_PROFAINITY, user_case_mapped::RE_USERNAME_CASE_MAPPED,
};
/// Credential management configuration /// Credential management configuration
#[derive(Clone, Builder)] #[derive(Clone, Builder)]
@ -139,6 +143,23 @@ impl Config {
let status = argon2::verify_encoded(hash, password.as_bytes())?; let status = argon2::verify_encoded(hash, password.as_bytes())?;
Ok(status) Ok(status)
} }
/// Initialize filters accoding to configuration.
///
/// Filters are lazy initialized so there's a slight delay during the very first use of
/// filter. By calling this method during the early stages of program execution,
/// that delay can be avoided.
pub fn init(&self) {
if self.username_case_mapped {
initialize(&RE_USERNAME_CASE_MAPPED);
}
if self.blacklist {
initialize(&RE_BLACKLIST);
}
if self.profanity {
initialize(&RE_PROFAINITY);
}
}
} }
#[cfg(test)] #[cfg(test)]
@ -175,14 +196,16 @@ mod tests {
.password_policy(PasswordPolicy::default()) .password_policy(PasswordPolicy::default())
.build() .build()
.unwrap(); .unwrap();
config.init();
assert_eq!(config.email("sdfasdf".into()), Err(CredsError::NotAnEmail)); assert_eq!(config.email("sdfasdf"), Err(CredsError::NotAnEmail));
} }
#[test] #[test]
fn utils_create_new_organisation() { fn utils_create_new_organisation() {
let password = "somepassword"; let password = "somepassword";
let config = Config::default(); let config = Config::default();
config.init();
config.email("batman@we.net").unwrap(); config.email("batman@we.net").unwrap();
let username = config.username("Realaravinth").unwrap(); let username = config.username("Realaravinth").unwrap();
@ -202,6 +225,7 @@ mod tests {
.password_policy(PasswordPolicy::default()) .password_policy(PasswordPolicy::default())
.build() .build()
.unwrap(); .unwrap();
config.init();
let username_err = config.username("fuck"); let username_err = config.username("fuck");
@ -211,6 +235,7 @@ mod tests {
#[test] #[test]
fn utils_create_new_forbidden_organisation() { fn utils_create_new_forbidden_organisation() {
let config = Config::default(); let config = Config::default();
config.init();
let forbidden_err = config.username(".htaccess"); let forbidden_err = config.username(".htaccess");
assert_eq!(forbidden_err, Err(CredsError::BlacklistError)); assert_eq!(forbidden_err, Err(CredsError::BlacklistError));
@ -232,6 +257,7 @@ mod tests {
) )
.build() .build()
.unwrap(); .unwrap();
config.init();
let too_short_err = config.password("a"); let too_short_err = config.password("a");
let too_long_err = config.password("asdfasdfasdf"); let too_long_err = config.password("asdfasdfasdf");
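Review bot: `Config::init` in the second hunk has no `# Panics` section, although forcing the statics is where a bad pattern surfaces: `RE_BLACKLIST` is built with `Regex::new(BLACKLIST).expect(...)`, and the other two filters presumably follow the same shape (their diffs are suppressed on this page). That is a useful property, because a service that calls `init()` at startup fails before it accepts any credentials rather than on the first registration request, so it is worth stating in the doc comment, e.g. `/// # Panics` followed by `/// Panics if an enabled filter's regex fails to compile.` The summary line also has a typo (`accoding`). The surrounding `impl Config` begins outside the hunk.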


@ -1,13 +1,14 @@
use crate::errors::{CredsError, CredsResult}; use crate::errors::{CredsError, CredsResult};
use lazy_static::lazy_static; use lazy_static::lazy_static;
use regex::Regex; use regex::Regex;
const BLACKLIST: &str = r"^(.htaccess|.htpasswd|.well-known|400|401|403|404|405|406|407|408|409|410|411|412|413|414|415|416|417|421|422|423|424|426|428|429|431|500|501|502|503|504|505|506|507|508|509|510|511|_domainkey|about|about-us|abuse|access|account|accounts|ad|add|admin|administration|administrator|ads|ads.txt|advertise|advertising|aes128-ctr|aes128-gcm|aes192-ctr|aes256-ctr|aes256-gcm|affiliate|affiliates|ajax|alert|alerts|alpha|amp|analytics|api|app|app-ads.txt|apps|asc|assets|atom|auth|authentication|authorize|autoconfig|autodiscover|avatar|backup|banner|banners|bbs|beta|billing|billings|blog|blogs|board|bookmark|bookmarks|broadcasthost|business|buy|cache|calendar|campaign|captcha|careers|cart|cas|categories|category|cdn|cgi|cgi-bin|chacha20-poly1305|change|channel|channels|chart|chat|checkout|clear|client|close|cloud|cms|com|comment|comments|community|compare|compose|config|connect|contact|contest|cookies|copy|copyright|count|cp|cpanel|create|crossdomain.xml|css|curve25519-sha256|customer|customers|customize|dashboard|db|deals|debug|delete|desc|destroy|dev|developer|developers|diffie-hellman-group-exchange-sha256|diffie-hellman-group14-sha1|disconnect|discuss|dns|dns0|dns1|dns2|dns3|dns4|docs|documentation|domain|download|downloads|downvote|draft|drop|ecdh-sha2-nistp256|ecdh-sha2-nistp384|ecdh-sha2-nistp521|edit|editor|email|enterprise|error|errors|event|events|example|exception|exit|explore|export|extensions|false|family|faq|faqs|favicon.ico|features|feed|feedback|feeds|file|files|filter|follow|follower|followers|following|fonts|forgot|forgot-password|forgotpassword|form|forms|forum|forums|friend|friends|ftp|get|git|go|graphql|group|groups|guest|guidelines|guides|head|header|help|hide|hmac-sha|hmac-sha1|hmac-sha1-etm|hmac-sha2-256|hmac-sha2-256-etm|hmac-sha2-512|hmac-sha2-512-etm|home|host|hosting|hostmaster|htpasswd|http|httpd|https|humans.txt|icons|images|imap|img|import|index|info|insert|investors|invitations|invite|invites|invoice|is|isatap|issues|it|
jobs|join|js|json|keybase.txt|learn|legal|license|licensing|like|limit|live|load|local|localdomain|localhost|lock|login|logout|lost-password|m|mail|mail0|mail1|mail2|mail3|mail4|mail5|mail6|mail7|mail8|mail9|mailer-daemon|mailerdaemon|map|marketing|marketplace|master|me|media|member|members|message|messages|metrics|mis|mobile|moderator|modify|more|mx|mx1|my|net|network|new|news|newsletter|newsletters|next|nil|no-reply|nobody|noc|none|noreply|notification|notifications|ns|ns0|ns1|ns2|ns3|ns4|ns5|ns6|ns7|ns8|ns9|null|oauth|oauth2|offer|offers|online|openid|order|orders|overview|owa|owner|page|pages|partners|passwd|password|pay|payment|payments|photo|photos|pixel|plans|plugins|policies|policy|pop|pop3|popular|portal|portfolio|post|postfix|postmaster|poweruser|preferences|premium|press|previous|pricing|print|privacy|privacy-policy|private|prod|product|production|profile|profiles|project|projects|public|purchase|put|quota|redirect|reduce|refund|refunds|register|registration|remove|replies|reply|report|request|request-password|reset|reset-password|response|return|returns|review|reviews|robots.txt|root|rootuser|rsa-sha2-2|rsa-sha2-512|rss|rules|sales|save|script|sdk|search|secure|security|select|services|session|sessions|settings|setup|share|shift|shop|signin|signup|site|sitemap|sites|smtp|sort|source|sql|ssh|ssh-rsa|ssl|ssladmin|ssladministrator|sslwebmaster|stage|staging|stat|static|statistics|stats|status|store|style|styles|stylesheet|stylesheets|subdomain|subscribe|sudo|super|superuser|support|survey|sync|sysadmin|system|tablet|tag|tags|team|telnet|terms|terms-of-use|test|testimonials|theme|themes|today|tools|topic|topics|tour|training|translate|translations|trending|trial|true|umac-128|umac-128-etm|umac-64|umac-64-etm|undefined|unfollow|unlike|unsubscribe|update|upgrade|usenet|user|username|users|uucp|var|verify|video|view|void|vote|vpn|webmail|webmaster|website|widget|widgets|wiki|wpad|write|www|www-data|www1|www2|www3|www4|you|yourname|yourusername|zlib)$";
lazy_static! {
pub static ref RE_BLACKLIST: Regex =
Regex::new(BLACKLIST).expect("coudln't setup blacklist filter");
}
pub fn forbidden(target: &str) -> CredsResult<()> { pub fn forbidden(target: &str) -> CredsResult<()> {
static BLACKLIST: &'static str = r"^(.htaccess|.htpasswd|.well-known|400|401|403|404|405|406|407|408|409|410|411|412|413|414|415|416|417|421|422|423|424|426|428|429|431|500|501|502|503|504|505|506|507|508|509|510|511|_domainkey|about|about-us|abuse|access|account|accounts|ad|add|admin|administration|administrator|ads|ads.txt|advertise|advertising|aes128-ctr|aes128-gcm|aes192-ctr|aes256-ctr|aes256-gcm|affiliate|affiliates|ajax|alert|alerts|alpha|amp|analytics|api|app|app-ads.txt|apps|asc|assets|atom|auth|authentication|authorize|autoconfig|autodiscover|avatar|backup|banner|banners|bbs|beta|billing|billings|blog|blogs|board|bookmark|bookmarks|broadcasthost|business|buy|cache|calendar|campaign|captcha|careers|cart|cas|categories|category|cdn|cgi|cgi-bin|chacha20-poly1305|change|channel|channels|chart|chat|checkout|clear|client|close|cloud|cms|com|comment|comments|community|compare|compose|config|connect|contact|contest|cookies|copy|copyright|count|cp|cpanel|create|crossdomain.xml|css|curve25519-sha256|customer|customers|customize|dashboard|db|deals|debug|delete|desc|destroy|dev|developer|developers|diffie-hellman-group-exchange-sha256|diffie-hellman-group14-sha1|disconnect|discuss|dns|dns0|dns1|dns2|dns3|dns4|docs|documentation|domain|download|downloads|downvote|draft|drop|ecdh-sha2-nistp256|ecdh-sha2-nistp384|ecdh-sha2-nistp521|edit|editor|email|enterprise|error|errors|event|events|example|exception|exit|explore|export|extensions|false|family|faq|faqs|favicon.ico|features|feed|feedback|feeds|file|files|filter|follow|follower|followers|following|fonts|forgot|forgot-password|forgotpassword|form|forms|forum|forums|friend|friends|ftp|get|git|go|graphql|group|groups|guest|guidelines|guides|head|header|help|hide|hmac-sha|hmac-sha1|hmac-sha1-etm|hmac-sha2-256|hmac-sha2-256-etm|hmac-sha2-512|hmac-sha2-512-etm|home|host|hosting|hostmaster|htpasswd|http|httpd|https|humans.txt|icons|images|imap|img|import|index|info|insert|investors|invitations|invite|invites|invoice|is|isatap|i
ssues|it|jobs|join|js|json|keybase.txt|learn|legal|license|licensing|like|limit|live|load|local|localdomain|localhost|lock|login|logout|lost-password|m|mail|mail0|mail1|mail2|mail3|mail4|mail5|mail6|mail7|mail8|mail9|mailer-daemon|mailerdaemon|map|marketing|marketplace|master|me|media|member|members|message|messages|metrics|mis|mobile|moderator|modify|more|mx|mx1|my|net|network|new|news|newsletter|newsletters|next|nil|no-reply|nobody|noc|none|noreply|notification|notifications|ns|ns0|ns1|ns2|ns3|ns4|ns5|ns6|ns7|ns8|ns9|null|oauth|oauth2|offer|offers|online|openid|order|orders|overview|owa|owner|page|pages|partners|passwd|password|pay|payment|payments|photo|photos|pixel|plans|plugins|policies|policy|pop|pop3|popular|portal|portfolio|post|postfix|postmaster|poweruser|preferences|premium|press|previous|pricing|print|privacy|privacy-policy|private|prod|product|production|profile|profiles|project|projects|public|purchase|put|quota|redirect|reduce|refund|refunds|register|registration|remove|replies|reply|report|request|request-password|reset|reset-password|response|return|returns|review|reviews|robots.txt|root|rootuser|rsa-sha2-2|rsa-sha2-512|rss|rules|sales|save|script|sdk|search|secure|security|select|services|session|sessions|settings|setup|share|shift|shop|signin|signup|site|sitemap|sites|smtp|sort|source|sql|ssh|ssh-rsa|ssl|ssladmin|ssladministrator|sslwebmaster|stage|staging|stat|static|statistics|stats|status|store|style|styles|stylesheet|stylesheets|subdomain|subscribe|sudo|super|superuser|support|survey|sync|sysadmin|system|tablet|tag|tags|team|telnet|terms|terms-of-use|test|testimonials|theme|themes|today|tools|topic|topics|tour|training|translate|translations|trending|trial|true|umac-128|umac-128-etm|umac-64|umac-64-etm|undefined|unfollow|unlike|unsubscribe|update|upgrade|usenet|user|username|users|uucp|var|verify|video|view|void|vote|vpn|webmail|webmaster|website|widget|widgets|wiki|wpad|write|www|www-data|www1|www2|www3|www4|you|yourname|yourusername|zlib)$";
lazy_static! {
static ref RE_BLACKLIST: Regex =
Regex::new(BLACKLIST).expect("coudln't setup blacklist filter");
}
if RE_BLACKLIST.is_match(&target) { if RE_BLACKLIST.is_match(&target) {
Err(CredsError::BlacklistError) Err(CredsError::BlacklistError)
} else { } else {
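Review bot: The module-level `BLACKLIST` pattern keeps its dots unescaped, so in entries such as `.htaccess`, `.well-known`, `robots.txt` and `favicon.ico` the `.` matches any character and the filter rejects names the list does not spell out. Escaping them (`\.htaccess`, `robots\.txt`), or assembling the alternation from a word list passed through `regex::escape`, would make the pattern match exactly what it lists. The match is also case-sensitive, so rejecting a mixed-case variant of a reserved name depends on the caller normalising the username before `forbidden` is called, which this hunk does not show. Now that `RE_BLACKLIST` is shared, `pub(crate) static ref` would state its intended reach more directly than `pub` inside a `pub(crate)` module. `forbidden` continues past the end of the hunk.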


@ -15,9 +15,9 @@
* along with this program. If not, see <https://www.gnu.org/licenses/>. * along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
mod blacklist; pub(crate) mod blacklist;
mod profainity; pub(crate) mod profainity;
mod user_case_mapped; pub(crate) mod user_case_mapped;
pub use blacklist::forbidden; pub use blacklist::forbidden;
pub use profainity::beep; pub use profainity::beep;

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -8,8 +8,6 @@
//! //!
//! ```rust //! ```rust
//! use argon2_creds::Config; //! use argon2_creds::Config;
//!
//! fn main() {
//! let config = Config::default(); //! let config = Config::default();
//! //!
//! let password = "ironmansucks"; //! let password = "ironmansucks";
@ -26,7 +24,6 @@
//! //!
//! assert_eq!(username, "realaravinth"); //! assert_eq!(username, "realaravinth");
//! assert!(Config::verify(&hash, password).unwrap(), "verify hahsing"); //! assert!(Config::verify(&hash, password).unwrap(), "verify hahsing");
//! }
//! ``` //! ```
//! //!
//! 2. To gain fine-grained control over how credentials are managed, consider using //! 2. To gain fine-grained control over how credentials are managed, consider using
@ -35,7 +32,6 @@
//!```rust //!```rust
//! use argon2_creds::{ConfigBuilder, PasswordPolicy, Config}; //! use argon2_creds::{ConfigBuilder, PasswordPolicy, Config};
//! //!
//! fn main() {
//! let config = ConfigBuilder::default() //! let config = ConfigBuilder::default()
//! .username_case_mapped(false) //! .username_case_mapped(false)
//! .profanity(true) //! .profanity(true)
@ -58,7 +54,6 @@
//! //!
//! assert_eq!(username, "realaravinth"); //! assert_eq!(username, "realaravinth");
//! assert!(Config::verify(&hash, password).unwrap(), "verify hahsing"); //! assert!(Config::verify(&hash, password).unwrap(), "verify hahsing");
//! }
//!``` //!```
//! //!
//! ## Documentation & Community Resources //! ## Documentation & Community Resources