Avoid stripping leading/traling spaces in password forms
There are cases where leading/trailing spaces are included in passwords. We should not touch passwords entered in forms and should pass them to auth backends without any modification. The details were discussed in the mailing list thread [1] referred to in the bug comment. [1] http://lists.openstack.org/pipermail/openstack-discuss/2020-January/thread.html#12223 Change-Id: I98de224cc77a98fa216ec3bc032412325e661e14 Closes-Bug: #1861224
parent
363a4df3ac
commit
6a07f5a5b4
@ -71,6 +71,7 @@ class Login(django_auth_forms.AuthenticationForm):
|
|||||||
label=_("User Name"),
|
label=_("User Name"),
|
||||||
widget=forms.TextInput(attrs={"autofocus": "autofocus"}))
|
widget=forms.TextInput(attrs={"autofocus": "autofocus"}))
|
||||||
password = forms.CharField(label=_("Password"),
|
password = forms.CharField(label=_("Password"),
|
||||||
|
strip=False,
|
||||||
widget=forms.PasswordInput(render_value=False))
|
widget=forms.PasswordInput(render_value=False))
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
@ -190,14 +191,17 @@ class Password(forms.Form):
|
|||||||
), (
|
), (
|
||||||
'original_password',
|
'original_password',
|
||||||
forms.CharField(label=_("Original password"),
|
forms.CharField(label=_("Original password"),
|
||||||
|
strip=False,
|
||||||
widget=forms.PasswordInput(render_value=False))
|
widget=forms.PasswordInput(render_value=False))
|
||||||
), (
|
), (
|
||||||
'password',
|
'password',
|
||||||
forms.CharField(label=_("New password"),
|
forms.CharField(label=_("New password"),
|
||||||
|
strip=False,
|
||||||
widget=forms.PasswordInput(render_value=False))
|
widget=forms.PasswordInput(render_value=False))
|
||||||
), (
|
), (
|
||||||
'confirm_password',
|
'confirm_password',
|
||||||
forms.CharField(label=_("Confirm password"),
|
forms.CharField(label=_("Confirm password"),
|
||||||
|
strip=False,
|
||||||
widget=forms.PasswordInput(render_value=False))
|
widget=forms.PasswordInput(render_value=False))
|
||||||
),
|
),
|
||||||
])
|
])
|
||||||
|
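Review bot: The new `strip=False` on `Login.password` carries no comment, so a later cleanup could drop it as a seemingly harmless keyword without noticing that CharField strips whitespace by default. A one-line comment above the field would record the intent, e.g. `# Never strip: the auth backend must receive the password exactly as typed (bug 1861224).`; the same applies to the three fields in the `Password` hunk. No test change is visible on this page, so a form test that submits a password with leading and trailing spaces and checks that `cleaned_data` returns it unchanged would guard the behaviour. Both class bodies start and end outside the hunks shown.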
@ -46,6 +46,7 @@ class PasswordMixin(forms.SelfHandlingForm):
|
|||||||
error_messages={'invalid': validators.password_validator_msg()})
|
error_messages={'invalid': validators.password_validator_msg()})
|
||||||
confirm_password = forms.CharField(
|
confirm_password = forms.CharField(
|
||||||
label=_("Confirm Password"),
|
label=_("Confirm Password"),
|
||||||
|
strip=False,
|
||||||
widget=forms.PasswordInput(render_value=False))
|
widget=forms.PasswordInput(render_value=False))
|
||||||
no_autocomplete = True
|
no_autocomplete = True
|
||||||
|
|
||||||
@ -295,6 +296,7 @@ class ChangePasswordForm(PasswordMixin, forms.SelfHandlingForm):
|
|||||||
if settings.ENFORCE_PASSWORD_CHECK:
|
if settings.ENFORCE_PASSWORD_CHECK:
|
||||||
self.fields["admin_password"] = forms.CharField(
|
self.fields["admin_password"] = forms.CharField(
|
||||||
label=_("Admin Password"),
|
label=_("Admin Password"),
|
||||||
|
strip=False,
|
||||||
widget=forms.PasswordInput(render_value=False))
|
widget=forms.PasswordInput(render_value=False))
|
||||||
# Reorder form fields from multiple inheritance
|
# Reorder form fields from multiple inheritance
|
||||||
self.fields.keyOrder = ["id", "name", "admin_password",
|
self.fields.keyOrder = ["id", "name", "admin_password",
|
||||||
|
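Review bot: In the PasswordMixin hunk `strip=False` is added only to `confirm_password`, while the field just above it is left as is. That field's closing `error_messages=` line is the first context line and it looks like a RegexField, which needs confirming because its definition starts outside the hunk. If so, leaving it alone is correct only because Django's RegexField defaults `strip` to False, whereas the PasswordForm section of this same commit spells `strip=False,` out on its `new_password` RegexField. Stating it explicitly on the primary field here too would keep each password/confirm pair visibly symmetric and make the "no password field strips" rule checkable by grep. The same applies to the RebuildInstanceForm hunk (`confirm_password`) and the SetAccessControlsAction hunk (`confirm_admin_pass`).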
@ -54,6 +54,7 @@ class RebuildInstanceForm(forms.SelfHandlingForm):
|
|||||||
confirm_password = forms.CharField(
|
confirm_password = forms.CharField(
|
||||||
label=_("Confirm Rebuild Password"),
|
label=_("Confirm Rebuild Password"),
|
||||||
required=False,
|
required=False,
|
||||||
|
strip=False,
|
||||||
widget=forms.PasswordInput(render_value=False))
|
widget=forms.PasswordInput(render_value=False))
|
||||||
disk_config = forms.ChoiceField(label=_("Disk Partition"),
|
disk_config = forms.ChoiceField(label=_("Disk Partition"),
|
||||||
required=False)
|
required=False)
|
||||||
@ -141,6 +142,7 @@ class DecryptPasswordInstanceForm(forms.SelfHandlingForm):
|
|||||||
encrypted_password = forms.CharField(widget=forms.widgets.Textarea(_attrs),
|
encrypted_password = forms.CharField(widget=forms.widgets.Textarea(_attrs),
|
||||||
label=_("Encrypted Password"),
|
label=_("Encrypted Password"),
|
||||||
help_text=_encrypted_pwd_help,
|
help_text=_encrypted_pwd_help,
|
||||||
|
strip=False,
|
||||||
required=False)
|
required=False)
|
||||||
|
|
||||||
def __init__(self, request, *args, **kwargs):
|
def __init__(self, request, *args, **kwargs):
|
||||||
@ -488,6 +490,7 @@ class RescueInstanceForm(forms.SelfHandlingForm):
|
|||||||
transform=_image_choice_title))
|
transform=_image_choice_title))
|
||||||
password = forms.CharField(label=_("Password"), max_length=255,
|
password = forms.CharField(label=_("Password"), max_length=255,
|
||||||
required=False,
|
required=False,
|
||||||
|
strip=False,
|
||||||
widget=forms.PasswordInput(render_value=False))
|
widget=forms.PasswordInput(render_value=False))
|
||||||
failure_url = 'horizon:project:instances:index'
|
failure_url = 'horizon:project:instances:index'
|
||||||
|
|
||||||
|
@ -560,6 +560,7 @@ class SetAccessControlsAction(workflows.Action):
|
|||||||
error_messages={'invalid': validators.password_validator_msg()})
|
error_messages={'invalid': validators.password_validator_msg()})
|
||||||
confirm_admin_pass = forms.CharField(
|
confirm_admin_pass = forms.CharField(
|
||||||
label=_("Confirm Admin Password"),
|
label=_("Confirm Admin Password"),
|
||||||
|
strip=False,
|
||||||
required=False,
|
required=False,
|
||||||
widget=forms.PasswordInput(render_value=False))
|
widget=forms.PasswordInput(render_value=False))
|
||||||
groups = forms.MultipleChoiceField(
|
groups = forms.MultipleChoiceField(
|
||||||
|
@ -30,15 +30,18 @@ from openstack_dashboard import api
|
|||||||
class PasswordForm(forms.SelfHandlingForm):
|
class PasswordForm(forms.SelfHandlingForm):
|
||||||
current_password = forms.CharField(
|
current_password = forms.CharField(
|
||||||
label=_("Current password"),
|
label=_("Current password"),
|
||||||
|
strip=False,
|
||||||
widget=forms.PasswordInput(render_value=False))
|
widget=forms.PasswordInput(render_value=False))
|
||||||
new_password = forms.RegexField(
|
new_password = forms.RegexField(
|
||||||
label=_("New password"),
|
label=_("New password"),
|
||||||
|
strip=False,
|
||||||
widget=forms.PasswordInput(render_value=False),
|
widget=forms.PasswordInput(render_value=False),
|
||||||
regex=validators.password_validator(),
|
regex=validators.password_validator(),
|
||||||
error_messages={'invalid':
|
error_messages={'invalid':
|
||||||
validators.password_validator_msg()})
|
validators.password_validator_msg()})
|
||||||
confirm_password = forms.CharField(
|
confirm_password = forms.CharField(
|
||||||
label=_("Confirm new password"),
|
label=_("Confirm new password"),
|
||||||
|
strip=False,
|
||||||
widget=forms.PasswordInput(render_value=False))
|
widget=forms.PasswordInput(render_value=False))
|
||||||
no_autocomplete = True
|
no_autocomplete = True
|
||||||
|
|
||||||
|