
Commit 7f7b8ee

committed
Move password denylist to external json file
1 parent b916109 commit 7f7b8ee


4 files changed

+89
-22
lines changed


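--- a/etc/config.sample.json
+++ b/etc/config.sample.json
@@ -28,21 +28,8 @@
 },
 "server_update_job_token": null,
 "user_login_disabled": false,
-"user_password_blacklist": [
-{
-"password": "123456",
-"reason": "This password is too simple and well known."
-},
-{
-"password": "correcthorsebatterystaple",
-"reason": "This is a bad password because it's well known. Don't take advice from a web comic too seriously."
-},
-{
-"password": "password",
-"reason": "This password is too simple and well known."
-}
-],
 "user_password_bcrypt_cost": 12,
+"user_password_denylist_map": "../etc/password_denylist.json",
 "user_password_pepper": "bnetdocs-INSERTRANDOMVALUEHERE",
 "user_register_disabled": false,
 "user_register_requirements": {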
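Review bot: The new `user_password_denylist_map` value is a relative path, and the sample does not say what it is relative to. Both controllers changed in this commit prepend `__DIR__`, which for them is `src/controllers/User`, so `../etc/password_denylist.json` would resolve to `src/controllers/etc/password_denylist.json` rather than the `etc/password_denylist.json` added here, unless the deployed layout differs from the repository paths shown on this page. If that reading is right the list never loads and the denylist check is skipped on both registration and password change. Resolve the value against a documented base directory (for example the application root) and state that base next to the setting in the project documentation.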

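--- a/etc/password_denylist.json
+++ b/etc/password_denylist.json
@@ -0,0 +1,78 @@
+[
+{"password": "1", "reason": "This password is too simple and well known."},
+{"password": "12", "reason": "This password is too simple and well known."},
+{"password": "123", "reason": "This password is too simple and well known."},
+{"password": "1234", "reason": "This password is too simple and well known."},
+{"password": "12345", "reason": "This password is too simple and well known."},
+{"password": "123456", "reason": "This password is too simple and well known."},
+{"password": "1234567", "reason": "This password is too simple and well known."},
+{"password": "12345678", "reason": "This password is too simple and well known."},
+{"password": "123456789", "reason": "This password is too simple and well known."},
+{"password": "1234567890", "reason": "This password is too simple and well known."},
+{"password": "1234567890-", "reason": "This password is too simple and well known."},
+{"password": "1234567890-=", "reason": "This password is too simple and well known."},
+{"password": "a", "reason": "This password is too simple and well known."},
+{"password": "ab", "reason": "This password is too simple and well known."},
+{"password": "abc", "reason": "This password is too simple and well known."},
+{"password": "abcd", "reason": "This password is too simple and well known."},
+{"password": "abcde", "reason": "This password is too simple and well known."},
+{"password": "abcdef", "reason": "This password is too simple and well known."},
+{"password": "abcdefg", "reason": "This password is too simple and well known."},
+{"password": "abcdefgh", "reason": "This password is too simple and well known."},
+{"password": "abcdefghi", "reason": "This password is too simple and well known."},
+{"password": "abcdefghij", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijk", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijkl", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklm", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklmn", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklmno", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklmnop", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklmnopq", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklmnopqr", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklmnopqrs", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklmnopqrst", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklmnopqrstu", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklmnopqrstuv", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklmnopqrstuvw", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklmnopqrstuvwx", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklmnopqrstuvwxy", "reason": "This password is too simple and well known."},
+{"password": "abcdefghijklmnopqrstuvwxyz", "reason": "This password is too simple and well known."},
+{"password": "as", "reason": "This password is too simple and well known."},
+{"password": "asd", "reason": "This password is too simple and well known."},
+{"password": "asdf", "reason": "This password is too simple and well known."},
+{"password": "asdfg", "reason": "This password is too simple and well known."},
+{"password": "asdfgh", "reason": "This password is too simple and well known."},
+{"password": "asdfghj", "reason": "This password is too simple and well known."},
+{"password": "asdfghjk", "reason": "This password is too simple and well known."},
+{"password": "asdfghjkl", "reason": "This password is too simple and well known."},
+{"password": "asdfghjkl;", "reason": "This password is too simple and well known."},
+{"password": "asdfghjkl;'", "reason": "This password is too simple and well known."},
+{"password": "correcthorsebatterystaple",
+"reason": "This is a bad password because it's well known. Don't take advice from a web comic too seriously."
+},
+{"password": "password", "reason": "This password is too simple and well known."},
+{"password": "q", "reason": "This password is too simple and well known."},
+{"password": "qw", "reason": "This password is too simple and well known."},
+{"password": "qwe", "reason": "This password is too simple and well known."},
+{"password": "qwer", "reason": "This password is too simple and well known."},
+{"password": "qwert", "reason": "This password is too simple and well known."},
+{"password": "qwerty", "reason": "This password is too simple and well known."},
+{"password": "qwertyu", "reason": "This password is too simple and well known."},
+{"password": "qwertyui", "reason": "This password is too simple and well known."},
+{"password": "qwertyuio", "reason": "This password is too simple and well known."},
+{"password": "qwertyuiop", "reason": "This password is too simple and well known."},
+{"password": "qwertyuiop[", "reason": "This password is too simple and well known."},
+{"password": "qwertyuiop[]", "reason": "This password is too simple and well known."},
+{"password": "qwertyuiop[]\\\\", "reason": "This password is too simple and well known."},
+{"password": "z", "reason": "This password is too simple and well known."},
+{"password": "zx", "reason": "This password is too simple and well known."},
+{"password": "zxc", "reason": "This password is too simple and well known."},
+{"password": "zxcv", "reason": "This password is too simple and well known."},
+{"password": "zxcvb", "reason": "This password is too simple and well known."},
+{"password": "zxcvbn", "reason": "This password is too simple and well known."},
+{"password": "zxcvbnm", "reason": "This password is too simple and well known."},
+{"password": "zxcvbnm,", "reason": "This password is too simple and well known."},
+{"password": "zxcvbnm,.", "reason": "This password is too simple and well known."},
+{"password": "zxcvbnm,./", "reason": "This password is too simple and well known."},
+{"password": "", "reason": "This password is empty."}
+]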
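Review bot: The entry on new line 66 is written as `"qwertyuiop[]\\\\"`, which JSON decodes to a string ending in two backslashes, so the keyboard-row password ending in a single backslash is not on the list. If one backslash was intended, the escape should be `"qwertyuiop[]\\"`. The doubling may be an artefact of how this page renders the file, so confirm against the raw file before changing it.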

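--- a/src/controllers/User/ChangePassword.php
+++ b/src/controllers/User/ChangePassword.php
@@ -68,11 +68,12 @@ protected function tryChangePassword(
 $model->error = 'PASSWORD_TOO_SHORT';
 return;
 }
-$blacklist = Common::$config->bnetdocs->user_password_blacklist;
-foreach ($blacklist as $blacklist_pw) {
-if (strtolower($blacklist_pw->password) == strtolower($pw2)) {
+$denylist = Common::$config->bnetdocs->user_password_denylist_map;
+$denylist = json_decode(file_get_contents(__DIR__ . '/' . $denylist));
+foreach ($denylist as $denylist_pw) {
+if (strtolower($denylist_pw->password) == strtolower($pw2)) {
 $model->error = 'PASSWORD_BLACKLIST';
-$model->error_extra = $blacklist_pw->reason;
+$model->error_extra = $denylist_pw->reason;
 return;
 }
 }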
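Review bot: The denylist load on new lines 71-72 fails open: when `file_get_contents()` cannot read the file or `json_decode()` cannot parse it, `$denylist` ends up `null`, the `foreach` body never runs (PHP only emits a warning) and the new password is accepted without being checked. Test the decoded value before the loop and stop the request when it is not an array, for example `if (!is_array($denylist)) { throw new \RuntimeException('password denylist unavailable'); }`. The same two lines are added to the `tryRegister` hunk in `src/controllers/User/Register.php`, so one shared loader would fix both places and keep the file handling in a single spot. `tryChangePassword` begins and ends outside this hunk, so how its caller treats an exception is not visible here.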

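--- a/src/controllers/User/Register.php
+++ b/src/controllers/User/Register.php
@@ -125,11 +125,12 @@ protected function tryRegister(Router &$router, UserRegisterModel &$model) {
 $model->error = 'PASSWORD_TOO_SHORT';
 return;
 }
-$blacklist = Common::$config->bnetdocs->user_password_blacklist;
-foreach ($blacklist as $blacklist_pw) {
-if (strtolower($blacklist_pw->password) == strtolower($pw1)) {
+$denylist = Common::$config->bnetdocs->user_password_denylist_map;
+$denylist = json_decode(file_get_contents(__DIR__ . '/' . $denylist));
+foreach ($denylist as $denylist_pw) {
+if (strtolower($denylist_pw->password) == strtolower($pw1)) {
 $model->error = 'PASSWORD_BLACKLIST';
-$model->error_extra = $denylist_pw->reason;
+$model->error_extra = $denylist_pw->reason;
 return;
 }
 }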
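Review bot: The comparison on new line 131 uses loose `==` on two strings, and PHP compares numeric strings by value, so with the all-digit entries now in the denylist a constructed input such as `0123456` is treated as equal to the entry `123456` and rejected with that entry's reason. Use a strict comparison, `if (strtolower($denylist_pw->password) === strtolower($pw1)) {`, and make the same change on new line 74 of `src/controllers/User/ChangePassword.php`. `tryRegister` continues outside this hunk.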
