Add password policy to export keys (#1145)

tchapgouv · Dec 19, 2024 · 0b1eb31 · 0b1eb31
1 parent a813bc1
commit 0b1eb31
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 9 deletions.
diff --git a/changelog.d/1145.misc b/changelog.d/1145.misc
@@ -0,0 +1 @@
+Ajout d'une politique de mot de passe sur l'export manuel des clés.
diff --git a/vector/src/main/java/im/vector/app/features/crypto/keys/KeysExporter.kt b/vector/src/main/java/im/vector/app/features/crypto/keys/KeysExporter.kt
@@ -20,11 +20,19 @@ import android.content.Context
 import android.net.Uri
 import im.vector.app.core.dispatchers.CoroutineDispatchers
 import im.vector.app.core.extensions.safeOpenOutputStream
+import im.vector.app.core.resources.StringProvider
+import im.vector.lib.strings.CommonStrings
 import kotlinx.coroutines.withContext
+import org.matrix.android.sdk.api.auth.AuthenticationService
+import org.matrix.android.sdk.api.extensions.tryOrNull
+import org.matrix.android.sdk.api.failure.Failure
+import org.matrix.android.sdk.api.failure.MatrixError
 import org.matrix.android.sdk.api.session.Session
 import javax.inject.Inject
 
 class KeysExporter @Inject constructor(
+        private val authenticationService: AuthenticationService,
+        private val stringProvider: StringProvider,
         private val session: Session,
         private val context: Context,
         private val dispatchers: CoroutineDispatchers
@@ -34,6 +42,7 @@ class KeysExporter @Inject constructor(
      */
     suspend fun export(password: String, uri: Uri) {
         withContext(dispatchers.io) {
+            checkPasswordPolicy(password)
             val data = session.cryptoService().exportRoomKeys(password)
             context.safeOpenOutputStream(uri)
                     ?.use { it.write(data) }
@@ -56,6 +65,30 @@ class KeysExporter @Inject constructor(
             }
         }
     }
+
+    // TCHAP add policy on the password to export keys
+    private suspend fun checkPasswordPolicy(password: String) {
+        val passwordPolicy = tryOrNull { authenticationService.getPasswordPolicy(session.sessionParams.homeServerConnectionConfig) }
+        val isValid = passwordPolicy?.let { policy ->
+            val minLengthValid = policy.minLength?.let { minLength -> password.length >= minLength } ?: true
+            val hasDigit = policy.requireDigit == null || password.any { it.isDigit() }
+            val hasLowercase = policy.requireLowercase == null || password.any { it.isLowerCase() }
+            val hasUppercase = policy.requireUppercase == null || password.any { it.isUpperCase() }
+            val hasSymbol = policy.requireSymbol == null || password.any { !it.isLetterOrDigit() }
+
+            minLengthValid && hasDigit && hasLowercase && hasUppercase && hasSymbol
+        } ?: true
+
+        if (!isValid) {
+            throw Failure.ServerError(
+                    error = MatrixError(
+                            code = MatrixError.M_WEAK_PASSWORD,
+                            message = stringProvider.getString(CommonStrings.tchap_password_weak_pwd_error)
+                    ),
+                    httpCode = 400
+            )
+        }
+    }
 }
 
 class UnexpectedExportKeysFileSizeException(expectedFileSize: Long, actualFileSize: Long) : IllegalStateException(

diff --git a/vector/src/main/java/im/vector/app/features/onboarding/OnboardingViewModel.kt b/vector/src/main/java/im/vector/app/features/onboarding/OnboardingViewModel.kt
@@ -1033,15 +1033,15 @@ class OnboardingViewModel @AssistedInject constructor(
             } else {
                 currentJob = viewModelScope.launch {
                     val passwordPolicy = tryOrNull { authenticationService.getPasswordPolicy(homeServerConnectionConfig) }
-                    val isValid = if (passwordPolicy != null) {
-                        passwordPolicy.minLength?.let { it <= password.length } ?: true &&
-                                passwordPolicy.requireDigit?.let { it && password.any { char -> char.isDigit() } } ?: true &&
-                                passwordPolicy.requireLowercase?.let { it && password.any { char -> char.isLetter() && char.isLowerCase() } } ?: true &&
-                                passwordPolicy.requireUppercase?.let { it && password.any { char -> char.isLetter() && char.isUpperCase() } } ?: true &&
-                                passwordPolicy.requireSymbol?.let { it && password.any { char -> !char.isLetter() && !char.isDigit() } } ?: true
-                    } else {
-                        true
-                    }
+                    val isValid = passwordPolicy?.let { policy ->
+                        val minLengthValid = policy.minLength?.let { minLength -> password.length >= minLength } ?: true
+                        val hasDigit = policy.requireDigit == null || password.any { it.isDigit() }
+                        val hasLowercase = policy.requireLowercase == null || password.any { it.isLowerCase() }
+                        val hasUppercase = policy.requireUppercase == null || password.any { it.isUpperCase() }
+                        val hasSymbol = policy.requireSymbol == null || password.any { !it.isLetterOrDigit() }
+
+                        minLengthValid && hasDigit && hasLowercase && hasUppercase && hasSymbol
+                    } ?: true
 
                     if (!isValid) {
                         _viewEvents.post(OnboardingViewEvents.Failure(Throwable(stringProvider.getString(CommonStrings.tchap_password_weak_pwd_error))))
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Ajout d'une politique de mot de passe sur l'export manuel des clés.