Configurable max password length (bug 1175906)

DocImpact

Change-Id: I1b1de8f7e07afe8af8a5cbb83de7f935cea04670
Dolph Mathews 2013-05-17 08:39:10 -05:00 committed by Morgan Fainberg
parent a4243e14b8
commit 55ca347e25
5 changed files with 15 additions and 13 deletions

@ -100,6 +100,9 @@
# exist to order to maintain support for your v2 clients.
# default_domain_id = default
# Maximum supported length for user passwords; decrease to improve performance.
# max_password_length = 4096
[credential]
# driver = keystone.credential.backends.sql.Credential
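Review bot: The sample comment `# Maximum supported length for user passwords; decrease to improve performance.` invites operators to lower the value without saying what happens to passwords longer than the limit. Elsewhere in this commit, trunc_password cuts such passwords to the limit with only a log warning, while the v2 authenticate path rejects them with ValidationSizeError. If trunc_password also feeds password hashing (its callers are not shown here), lowering the value on a deployment with existing users could stop passwords longer than the new limit from verifying. I would extend the comment with a second line such as `# Longer passwords are truncated or rejected; lowering this on a live deployment may invalidate stored passwords that exceed the new limit.`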

@ -210,6 +210,7 @@ def configure():
# identity
register_str('default_domain_id', group='identity', default='default')
register_int('max_password_length', group='identity', default=4096)
# trust
register_bool('enabled', group='trust', default=True)
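Review bot: `register_int('max_password_length', group='identity', default=4096)` accepts any integer, and nothing visible in this commit rejects zero or a negative value. trunc_password in the utils section slices `password[:max_length]`, so a setting of 0 would collapse every non-empty password to the empty string, and a negative setting would strip characters from the end instead of capping the length. The v2 authenticate check in the controller section compares against the same unvalidated value. I would fail fast when the option is read, for example `if max_length < 1: raise ValueError('max_password_length must be >= 1')`, or use a minimum bound if the option helper supports one. The body of configure() continues outside this hunk.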

@ -36,8 +36,6 @@ config.register_int('crypt_strength', default=40000)
LOG = logging.getLogger(__name__)
MAX_PASSWORD_LENGTH = 4096
def read_cached_file(filename, cache_info, reload_func=None):
"""Read from a file if it has been modified.
@ -68,12 +66,13 @@ class SmarterEncoder(json.JSONEncoder):
def trunc_password(password):
"""Truncate passwords to the MAX_PASSWORD_LENGTH."""
"""Truncate passwords to the max_length."""
max_length = CONF.identity.max_password_length
try:
if len(password) > MAX_PASSWORD_LENGTH:
return password[:MAX_PASSWORD_LENGTH]
else:
return password
if len(password) > max_length:
LOG.warning(
_('Truncating user password to %s characters.') % max_length)
return password[:max_length]
except TypeError:
raise exception.ValidationError(attribute='string', target='password')
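Review bot: The new docstring `"""Truncate passwords to the max_length."""` no longer says where the limit comes from or that a value without a length raises ValidationError. I would write `"""Truncate password to CONF.identity.max_password_length characters; raise ValidationError if it has no length."""`. The page has lost indentation, so it is not clear whether `return password[:max_length]` sits inside the `if` or after it. If it is inside, a password within the limit would return None now that the `else: return password` branch is removed, so that is worth confirming against the real file.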

@ -4,7 +4,6 @@ from keystone.common import cms
from keystone.common import controller
from keystone.common import dependency
from keystone.common import logging
from keystone.common import utils
from keystone.common import wsgi
from keystone import config
from keystone import exception
@ -215,10 +214,9 @@ class Auth(controller.V2Controller):
attribute='password', target='passwordCredentials')
password = auth['passwordCredentials']['password']
max_pw_size = utils.MAX_PASSWORD_LENGTH
if password and len(password) > max_pw_size:
raise exception.ValidationSizeError(attribute='password',
size=max_pw_size)
if password and len(password) > CONF.identity.max_password_length:
raise exception.ValidationSizeError(
attribute='password', size=CONF.identity.max_password_length)
if ("userId" not in auth['passwordCredentials'] and
"username" not in auth['passwordCredentials']):
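Review bot: The length check `if password and len(password) > CONF.identity.max_password_length:` still calls len() on whatever the request body supplied, so a truthy non-string value such as a JSON number would raise an uncaught TypeError here rather than a validation error. trunc_password in the utils section already maps that TypeError to `exception.ValidationError(attribute='string', target='password')`, and this path could do the same. Reading the option once into a local also avoids repeating the lookup on the next line. The authenticate method starts and ends outside this hunk, so a type check may already exist earlier in it.
```python
password = auth['passwordCredentials']['password']
max_pw_size = CONF.identity.max_password_length
try:
    too_long = bool(password) and len(password) > max_pw_size
except TypeError:
    raise exception.ValidationError(attribute='string', target='password')
if too_long:
    raise exception.ValidationSizeError(attribute='password',
                                        size=max_pw_size)
# … unchanged: userId / username presence check …
```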

@ -179,7 +179,8 @@ class AuthBadRequests(AuthTest):
def test_authenticate_password_too_large(self):
"""Verify sending large 'password' raises the right exception."""
body_dict = _build_user_auth(username='FOO', password='0' * 8193)
length = CONF.identity.max_password_length + 1
body_dict = _build_user_auth(username='FOO', password='0' * length)
self.assertRaises(exception.ValidationSizeError,
self.controller.authenticate,
{}, body_dict)
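Review bot: test_authenticate_password_too_large now derives the length from `CONF.identity.max_password_length + 1`, but it only runs against the default of 4096, so the configurability this commit adds is never exercised. I would add a second case that overrides the option to a small value and asserts that a password one character over that value raises ValidationSizeError. A companion case with a password exactly at the limit, asserting that ValidationSizeError is not raised, would pin the boundary. The new truncation warning in trunc_password has no visible test either.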