external
/
mailinabox
mirror of https://github.com/mail-in-a-box/mailinabox.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Change read_password() logic to better catch improper passwords 

Currently read_password does not verify password length. But further down the chain, passwords are checked to make sure they are longer than four characters.

If during initial setup, the user enters a password that is shorter than four characters, this will not be caught here, but when the script actually calls management/mailconfig.py to add the user, it will fail without a chance to correct the short password.

The setup script will then continue without an inital user being created and this will confuse users.
This commit is contained in:
Hnk Reno 2015-03-29 18:54:37 +02:00
parent 3d21f2223e
commit 6c64723d7c
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
tools/mail.py
View File

@ -28,13 +28,17 @@ def mgmt(cmd, data=None, is_json=False):
return resp return resp
def read_password(): def read_password():
first = getpass.getpass('password: ') while True:
second = getpass.getpass(' (again): ') first = getpass.getpass('password: ')
while first != second: if len(first) < 4:
print('Passwords not the same. Try again.') print('Passwords must be at least four characters.')
first = getpass.getpass('password: ') continue
second = getpass.getpass(' (again): ') second = getpass.getpass(' (again): ')
return first if first != second:
print('Passwords not the same. Try again.')
continue
break
return first
def setup_key_auth(mgmt_uri): def setup_key_auth(mgmt_uri):
key = open('/var/lib/mailinabox/api.key').read().strip() key = open('/var/lib/mailinabox/api.key').read().strip()