feat: warn users to change their passwords [DET-10216] (#9519)
jesse-amano-hpe authored Jun 14, 2024
1 parent 2bce8b6 commit 66ec006
Showing 5 changed files with 44 additions and 1 deletion.
9 changes: 9 additions & 0 deletions harness/determined/cli/user.py
Expand Up @@ -80,6 +80,15 @@ def log_in_user(args: argparse.Namespace) -> None:
except api.errors.UnauthenticatedException:
raise api.errors.InvalidCredentialsException()

try:
authentication.check_password_complexity(password)
except ValueError as e:
print(
"Warning: your password does not appear to satisfy "
+ f"recommended complexity requirements:\n{e}\n"
+ "Please change your password as soon as possible."
)

token_store.set_token(sess.username, sess.token)
token_store.set_active(sess.username)

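Review bot: The complexity check runs after the login has succeeded but before `token_store.set_token(sess.username, sess.token)`, and only `ValueError` is caught, so any other exception raised inside `check_password_complexity` would abort the command with the session token never stored. Moving the new `try` block below `token_store.set_active(sess.username)` keeps an advisory warning from affecting the login itself; the same ordering appears in `login_with_cache` in harness/determined/common/api/authentication.py. It is also worth confirming that the `{e}` text interpolated into the warning never echoes the password, since `check_password_complexity` is not visible here. log_in_user's body starts and ends outside the hunk.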
9 changes: 9 additions & 0 deletions harness/determined/common/api/authentication.py
Expand Up @@ -236,6 +236,15 @@ def login_with_cache(
raise api.errors.UnauthenticatedException()
raise

try:
check_password_complexity(password)
except ValueError as e:
print(
"Warning: your password does not appear to satisfy "
+ f"recommended complexity requirements:\n{e}\n"
+ "Please change your password as soon as possible."
)

token_store.set_token(user, token)

return sess
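Review bot: `login_with_cache` sits in the shared `common/api` module, so the bare `print(...)` added here writes the warning to stdout for every caller of the function, not only for interactive CLI users. A `warnings.warn(...)` call or a module logger would let callers filter or redirect the message and keeps it out of output that scripts capture. The message text is a copy of the block added to `log_in_user` in harness/determined/cli/user.py; a single helper next to `check_password_complexity` would keep the wording and the handling in one place. login_with_cache's body starts outside the hunk.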
12 changes: 11 additions & 1 deletion webui/react/src/components/DeterminedAuth.tsx
Expand Up @@ -14,9 +14,10 @@ import authStore from 'stores/auth';
import determinedStore from 'stores/determinedInfo';
import permissionStore from 'stores/permissions';
import userStore from 'stores/users';
import handleError, { ErrorType } from 'utils/error';
import handleError, { ErrorLevel, ErrorType, handleWarning } from 'utils/error';
import { useObservable } from 'utils/observable';
import { StorageManager } from 'utils/storage';
import { isPasswordWeak } from 'utils/user';

import css from './DeterminedAuth.module.scss';

Expand Down Expand Up @@ -54,7 +55,16 @@ const DeterminedAuth: React.FC<Props> = ({ canceler }: Props) => {
);
updateDetApi({ apiKey: `Bearer ${token}` });
authStore.setAuth({ isAuthenticated: true, token });
user.isPasswordWeak = isPasswordWeak(creds.password || '');
userStore.updateCurrentUser(user);
handleWarning({
level: ErrorLevel.Warn,
publicMessage:
'Your current password is either blank or weak according to current security recommendations. Please change your password.',
publicSubject: 'Weak Password',
silent: false,
type: ErrorType.Input,
});
if (rbacEnabled) {
// Now that we have logged in user, fetch userAssignments and userRoles and place into store.
permissionStore.fetch(canceler.signal);
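Review bot: `handleWarning({...})` is called unconditionally right after `userStore.updateCurrentUser(user)`, so as the lines are shown here every successful login raises the "Weak Password" warning, including for passwords that pass `isPasswordWeak`. The call should be gated on the flag computed two lines earlier, e.g. `if (user.isPasswordWeak) { handleWarning({ ... }); }`. The flag is derived only from the password typed into this form and is declared optional in types.ts, so a session that is presumably restored without the form leaves it undefined; consumers should read undefined as "unknown" rather than "strong". The enclosing login handler starts and ends outside the hunk.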
1 change: 1 addition & 0 deletions webui/react/src/types.ts
Expand Up @@ -154,6 +154,7 @@ export const DetailedUser = t.intersection([
User,
t.partial({
agentUserGroup: AgentUserGroup,
isPasswordWeak: t.boolean,
remote: t.boolean,
}),
t.type({
14 changes: 14 additions & 0 deletions webui/react/src/utils/user.ts
@@ -1,3 +1,4 @@
import { PASSWORD_RULES } from 'constants/passwordRules';
import { V1Group, V1RoleWithAssignments } from 'services/api-ts-sdk';
import {
DetailedUser,
Expand Down Expand Up @@ -85,3 +86,16 @@ export const getUserOrGroupWithRoleInfo = (
.filter((d) => d.userId !== -1);
return [...groups, ...users];
};

export function isPasswordWeak(password: string): boolean {
let isWeak = false;
PASSWORD_RULES.forEach((rule) => {
if (rule.min && password.length < rule.min) {
isWeak = true;
}
if (rule.pattern && !RegExp(rule.pattern).test(password)) {
isWeak = true;
}
});
return isWeak;
}
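Review bot: `isPasswordWeak` has no doc comment stating that it is an advisory, client-side check against `PASSWORD_RULES`, while the Python hunks of this commit use `check_password_complexity`, so the two rule sets can drift and give different verdicts for the same password. A short TSDoc block saying that the result only drives a warning and must be kept in step with the Python rules would make that contract explicit. `RegExp(rule.pattern)` without `new` returns the same object when `rule.pattern` is already a RegExp, so if any rule carries a `g` or `y` flag (not visible here) `test()` becomes stateful across calls; `new RegExp(rule.pattern).test(password)` avoids that. As a style point, the mutable `isWeak` flag with `forEach` can be a single `return PASSWORD_RULES.some((rule) => ...)` over the same two conditions.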
