Removed max_length from username/password fields in login page

Fixes bug 959179 The field validation on the login page may lead to security issues - it should accept any input, without validation. Not to tell hackers what range to probe.. The validation should be only on create/update User page. Updates the translation files for the new strings. Change-Id: Ib3bc72a024fe3e39e06bf948c6aaca8f2b1e60ee
2012-03-21 20:47:40 +02:00
parent 7d3a0f4d15
commit a7db3bc3a3
19 changed files with 609 additions and 449 deletions
--- a/horizon/utils/validators.py
+++ b/horizon/utils/validators.py
@@ -17,10 +17,9 @@
 import re

 from django.conf import settings
-
 from django.core import validators
 from django.core.exceptions import ValidationError
-
+from django.utils.translation import ugettext as _

 ipv4_cidr_re = re.compile(r'^(25[0-5]|2[0-4]\d|[0-1]?\d?\d)'   # 0-255
                           '(\.(25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}'  # 3x .0-255
@@ -28,6 +27,8 @@ ipv4_cidr_re = re.compile(r'^(25[0-5]|2[0-4]\d|[0-1]?\d?\d)'   # 0-255


 validate_ipv4_cidr = validators.RegexValidator(ipv4_cidr_re)
+horizon_config = getattr(settings, "HORIZON_CONFIG", {})
+password_config = horizon_config.get("password_validator", {})


 def validate_port_range(port):
@@ -36,12 +37,8 @@ def validate_port_range(port):


 def password_validator():
-    config = getattr(settings, "HORIZON_CONFIG", {})
-    password_config = config.get("password_validator", {})
    return password_config.get("regex", ".*")


 def password_validator_msg():
-    config = getattr(settings, "HORIZON_CONFIG", {})
-    password_config = config.get("password_validator", {})
-    return password_config.get("help_text", None)
+    return password_config.get("help_text", _("Password is not accepted"))