From 0b1eb319f02cc72c9fdecb57d8bb46abb640af61 Mon Sep 17 00:00:00 2001 From: Yoan Pintas Date: Thu, 19 Dec 2024 14:05:23 +0100 Subject: [PATCH] Add password policy to export keys (#1145) --- changelog.d/1145.misc | 1 + .../app/features/crypto/keys/KeysExporter.kt | 33 +++++++++++++++++++ .../onboarding/OnboardingViewModel.kt | 18 +++++----- 3 files changed, 43 insertions(+), 9 deletions(-) create mode 100644 changelog.d/1145.misc diff --git a/changelog.d/1145.misc b/changelog.d/1145.misc new file mode 100644 index 0000000000..12b6be1858 --- /dev/null +++ b/changelog.d/1145.misc @@ -0,0 +1 @@ +Ajout d'une politique de mot de passe sur l'export manuel des clés. \ No newline at end of file diff --git a/vector/src/main/java/im/vector/app/features/crypto/keys/KeysExporter.kt b/vector/src/main/java/im/vector/app/features/crypto/keys/KeysExporter.kt index 556d9bcec3..6a84875b6e 100644 --- a/vector/src/main/java/im/vector/app/features/crypto/keys/KeysExporter.kt +++ b/vector/src/main/java/im/vector/app/features/crypto/keys/KeysExporter.kt @@ -20,11 +20,19 @@ import android.content.Context import android.net.Uri import im.vector.app.core.dispatchers.CoroutineDispatchers import im.vector.app.core.extensions.safeOpenOutputStream +import im.vector.app.core.resources.StringProvider +import im.vector.lib.strings.CommonStrings import kotlinx.coroutines.withContext +import org.matrix.android.sdk.api.auth.AuthenticationService +import org.matrix.android.sdk.api.extensions.tryOrNull +import org.matrix.android.sdk.api.failure.Failure +import org.matrix.android.sdk.api.failure.MatrixError import org.matrix.android.sdk.api.session.Session import javax.inject.Inject class KeysExporter @Inject constructor( + private val authenticationService: AuthenticationService, + private val stringProvider: StringProvider, private val session: Session, private val context: Context, private val dispatchers: CoroutineDispatchers @@ -34,6 +42,7 @@ class KeysExporter @Inject constructor( */ suspend fun export(password: String, uri: Uri) { withContext(dispatchers.io) { + checkPasswordPolicy(password) val data = session.cryptoService().exportRoomKeys(password) context.safeOpenOutputStream(uri) ?.use { it.write(data) } @@ -56,6 +65,30 @@ class KeysExporter @Inject constructor( } } } + + // TCHAP add policy on the password to export keys + private suspend fun checkPasswordPolicy(password: String) { + val passwordPolicy = tryOrNull { authenticationService.getPasswordPolicy(session.sessionParams.homeServerConnectionConfig) } + val isValid = passwordPolicy?.let { policy -> + val minLengthValid = policy.minLength?.let { minLength -> password.length >= minLength } ?: true + val hasDigit = policy.requireDigit == null || password.any { it.isDigit() } + val hasLowercase = policy.requireLowercase == null || password.any { it.isLowerCase() } + val hasUppercase = policy.requireUppercase == null || password.any { it.isUpperCase() } + val hasSymbol = policy.requireSymbol == null || password.any { !it.isLetterOrDigit() } + + minLengthValid && hasDigit && hasLowercase && hasUppercase && hasSymbol + } ?: true + + if (!isValid) { + throw Failure.ServerError( + error = MatrixError( + code = MatrixError.M_WEAK_PASSWORD, + message = stringProvider.getString(CommonStrings.tchap_password_weak_pwd_error) + ), + httpCode = 400 + ) + } + } } class UnexpectedExportKeysFileSizeException(expectedFileSize: Long, actualFileSize: Long) : IllegalStateException( diff --git a/vector/src/main/java/im/vector/app/features/onboarding/OnboardingViewModel.kt b/vector/src/main/java/im/vector/app/features/onboarding/OnboardingViewModel.kt index 7f8bdb7a5b..9169e9686e 100644 --- a/vector/src/main/java/im/vector/app/features/onboarding/OnboardingViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/onboarding/OnboardingViewModel.kt @@ -1033,15 +1033,15 @@ class OnboardingViewModel @AssistedInject constructor( } else { currentJob = viewModelScope.launch { val passwordPolicy = tryOrNull { authenticationService.getPasswordPolicy(homeServerConnectionConfig) } - val isValid = if (passwordPolicy != null) { - passwordPolicy.minLength?.let { it <= password.length } ?: true && - passwordPolicy.requireDigit?.let { it && password.any { char -> char.isDigit() } } ?: true && - passwordPolicy.requireLowercase?.let { it && password.any { char -> char.isLetter() && char.isLowerCase() } } ?: true && - passwordPolicy.requireUppercase?.let { it && password.any { char -> char.isLetter() && char.isUpperCase() } } ?: true && - passwordPolicy.requireSymbol?.let { it && password.any { char -> !char.isLetter() && !char.isDigit() } } ?: true - } else { - true - } + val isValid = passwordPolicy?.let { policy -> + val minLengthValid = policy.minLength?.let { minLength -> password.length >= minLength } ?: true + val hasDigit = policy.requireDigit == null || password.any { it.isDigit() } + val hasLowercase = policy.requireLowercase == null || password.any { it.isLowerCase() } + val hasUppercase = policy.requireUppercase == null || password.any { it.isUpperCase() } + val hasSymbol = policy.requireSymbol == null || password.any { !it.isLetterOrDigit() } + + minLengthValid && hasDigit && hasLowercase && hasUppercase && hasSymbol + } ?: true if (!isValid) { _viewEvents.post(OnboardingViewEvents.Failure(Throwable(stringProvider.getString(CommonStrings.tchap_password_weak_pwd_error))))