Commit 51fa47d

committed

Merge branch '530-validate-passwords' into 'master'

feat: enforce strong DB password values Closes #530 See merge request postgres-ai/database-lab!813

2 parents 8fb3535 + 01e47a7 commit 51fa47dCopy full SHA for 51fa47d

File tree

+25

-1

lines changed

+25

-1

lines changed

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -74,6 +74,7 @@ require (`
`74`	`74`	`github.com/stretchr/objx v0.5.0 // indirect`
`75`	`75`	`github.com/tklauser/go-sysconf v0.3.11 // indirect`
`76`	`76`	`github.com/tklauser/numcpus v0.6.1 // indirect`
	`77`	`+ github.com/wagslane/go-password-validator v0.3.0 // indirect`
`77`	`78`	`github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect`
`78`	`79`	`github.com/yusufpapurcu/wmi v1.2.3 // indirect`
`79`	`80`	`golang.org/x/net v0.12.0 // indirect`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -684,6 +684,8 @@ github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5`
`684`	`684`	`github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=`
`685`	`685`	`github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=`
`686`	`686`	`github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=`
	`687`	`+github.com/wagslane/go-password-validator v0.3.0 h1:vfxOPzGHkz5S146HDpavl0cw1DSVP061Ry2PX0/ON6I=`
	`688`	`+github.com/wagslane/go-password-validator v0.3.0/go.mod h1:TI1XJ6T5fRdRnHqHt14pvy1tNVnrwe7m3/f1f2fDphQ=`
`687`	`689`	`github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=`
`688`	`690`	`github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=`
`689`	`691`	`github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,11 +6,16 @@`
`6`	`6`	`package validator`
`7`	`7`
`8`	`8`	`import (`
	`9`	`+ "fmt"`
	`10`	`+`
`9`	`11`	`"github.com/pkg/errors"`
	`12`	`+ passwordvalidator "github.com/wagslane/go-password-validator"`
`10`	`13`
`11`	`14`	`"gitlab.com/postgres-ai/database-lab/v3/pkg/client/dblabapi/types"`
`12`	`15`	`)`
`13`	`16`
	`17`	`+const minEntropyBits = 60`
	`18`	`+`
`14`	`19`	`// Service provides a validation service.`
`15`	`20`	`type Service struct {`
`16`	`21`	`}`
`@@ -29,5 +34,9 @@ func (v Service) ValidateCloneRequest(cloneRequest *types.CloneCreateRequest) er`
`29`	`34`	`return errors.New("missing DB password")`
`30`	`35`	`}`
`31`	`36`
	`37`	`+ if err := passwordvalidator.Validate(cloneRequest.DB.Password, minEntropyBits); err != nil {`
	`38`	`+ return fmt.Errorf("password validation: %w", err)`
	`39`	`+ }`
	`40`	`+`
`32`	`41`	`return nil`
`33`	`42`	`}`

Lines changed: 13 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -18,12 +18,24 @@ func TestValidationCloneRequest(t *testing.T) {`
`18`	`18`	`&types.CloneCreateRequest{`
`19`	`19`	`DB: &types.DatabaseRequest{`
`20`	`20`	`Username: "username",`
`21`		`- Password: "password",`
	`21`	`+ Password: "secret_password",`
`22`	`22`	`}})`
`23`	`23`
`24`	`24`	`assert.Nil(t, err)`
`25`	`25`	`}`
`26`	`26`
	`27`	`+func TestWeakPassword(t *testing.T) {`
	`28`	`+ validator := Service{}`
	`29`	`+ err := validator.ValidateCloneRequest(`
	`30`	`+ &types.CloneCreateRequest{`
	`31`	`+ DB: &types.DatabaseRequest{`
	`32`	`+ Username: "username",`
	`33`	`+ Password: "password",`
	`34`	`+ }})`
	`35`	`+`
	`36`	`+ assert.ErrorContains(t, err, "insecure password")`
	`37`	`+}`
	`38`	`+`
`27`	`39`	`func TestValidationCloneRequestErrors(t *testing.T) {`
`28`	`40`	`validator := Service{}`
`29`	`41`

Comments

(0)