From 64017195da56b5fcefce23e37367b83e2a404707 Mon Sep 17 00:00:00 2001
From: Nigel Kukard <nkukard@lbsd.net>
Date: Fri, 17 Mar 2023 03:45:37 +0000
Subject: [PATCH] feat(authentication): check password policy during user
 profile password change

---
 powerdnsadmin/routes/user.py              | 13 +++++++++++++
 powerdnsadmin/templates/user_profile.html | 19 ++++++++++++++-----
 2 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/powerdnsadmin/routes/user.py b/powerdnsadmin/routes/user.py
index 65d7e08..adba502 100644
--- a/powerdnsadmin/routes/user.py
+++ b/powerdnsadmin/routes/user.py
@@ -9,6 +9,8 @@ from flask_login import current_user, login_required, login_manager
 
 from ..models.user import User, Anonymous
 from ..models.setting import Setting
+from .index import password_policy_check
+
 
 user_bp = Blueprint('user',
                     __name__,
@@ -79,12 +81,23 @@ def profile():
                             .format(current_user.username)
                         }), 400)
 
+        (password_policy_pass, password_policy) = password_policy_check(current_user.get_user_info_by_username(), new_password)
+        if not password_policy_pass:
+            if request.data:
+                return make_response(
+                    jsonify({
+                        'status': 'error',
+                        'msg': password_policy['password'],
+                    }), 400)
+            return render_template('user_profile.html', error_messages=password_policy)
+
         user = User(username=current_user.username,
                     plain_text_password=new_password,
                     firstname=firstname,
                     lastname=lastname,
                     email=email,
                     reload_info=False)
+
         user.update_profile()
 
         return render_template('user_profile.html')
diff --git a/powerdnsadmin/templates/user_profile.html b/powerdnsadmin/templates/user_profile.html
index 3bb9971..ee161bb 100644
--- a/powerdnsadmin/templates/user_profile.html
+++ b/powerdnsadmin/templates/user_profile.html
@@ -34,13 +34,13 @@
                             <div class="nav-tabs-custom mb-2">
                                 <ul class="nav nav-tabs" role="tablist">
                                     <li class="nav-item">
-                                        <a class="nav-link active" href="#tabs-personal" data-toggle="tab">
+                                        <a class="nav-link {{ 'active' if not error_messages else '' }}" href="#tabs-personal" data-toggle="tab">
                                             Personal Info
                                         </a>
                                     </li>
                                     {% if session['authentication_type'] == 'LOCAL' %}
                                         <li class="nav-item">
-                                            <a class="nav-link" href="#tabs-password" data-toggle="tab">
+                                            <a class="nav-link {{ 'active' if 'password' in error_messages else '' }}" href="#tabs-password" data-toggle="tab">
                                                 Change Password
                                             </a>
                                         </li>
@@ -57,7 +57,8 @@
                             <!-- /.nav-tabs-custom -->
 
                             <div class="tab-content">
-                                <div class="tab-pane fade show active" id="tabs-personal">
+                                <div class="tab-pane fade {{ 'show active' if not error_messages else '' }}"
+                                        id="tabs-personal">
                                     <form role="form" method="post" action="{{ user_profile }}">
                                         <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
                                         <div class="form-group">
@@ -91,7 +92,8 @@
                                 <!-- /.tab-pane -->
 
                                 {% if session['authentication_type'] == 'LOCAL' %}
-                                    <div class="tab-pane fade" id="tabs-password">
+                                    <div class="tab-pane fade {{ 'show active' if 'password' in error_messages else '' }}"
+                                            id="tabs-password">
                                         {% if not current_user.password %}
                                             Your account password is managed via LDAP which isn't supported to
                                             change here.
@@ -101,8 +103,15 @@
                                                        value="{{ csrf_token() }}">
                                                 <div class="form-group">
                                                     <label for="password">New Password</label>
-                                                    <input type="password" class="form-control" name="password"
+                                                    <input type="password" class="form-control {{ 'is-invalid' if 'password' in error_messages else '' }}"
+                                                           name="password"
                                                            id="newpassword">
+                                                    {% if 'password' in error_messages %}
+                                                    <div class="invalid-feedback">
+                                                        <i class="fas fa-exclamation-triangle"></i>
+                                                        {{ error_messages['password'] }}
+                                                    </div>
+                                                    {% endif %}
                                                 </div>
                                                 <div class="form-group">
                                                     <label for="rpassword">Re-type New Password</label>