Enforce master password policy (#79)

* Enforce master password policy

* Updated based on requested changes/discussions
This commit is contained in:
Vincent Salucci 2020-03-02 11:05:05 -06:00 committed by GitHub
parent 0f699515a4
commit 6210396aa9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 101 additions and 1 deletions

View File

@ -1,6 +1,7 @@
import { PolicyData } from '../models/data/policyData'; import { PolicyData } from '../models/data/policyData';
import { Policy } from '../models/domain/policy'; import { MasterPasswordPolicyOptions } from '../models/domain/masterPasswordPolicyOptions'
import { Policy } from '../models/domain/policy'
import { PolicyType } from '../enums/policyType'; import { PolicyType } from '../enums/policyType';
@ -11,4 +12,7 @@ export abstract class PolicyService {
getAll: (type?: PolicyType) => Promise<Policy[]>; getAll: (type?: PolicyType) => Promise<Policy[]>;
replace: (policies: { [id: string]: PolicyData; }) => Promise<any>; replace: (policies: { [id: string]: PolicyData; }) => Promise<any>;
clear: (userId: string) => Promise<any>; clear: (userId: string) => Promise<any>;
getMasterPasswordPolicyOptions: () => Promise<MasterPasswordPolicyOptions>;
evaluateMasterPassword: (passwordStrength: number, newPassword: string,
enforcedPolicyOptions?: MasterPasswordPolicyOptions) => boolean;
} }

View File

@ -0,0 +1,10 @@
import Domain from './domainBase';
export class MasterPasswordPolicyOptions extends Domain {
minComplexity: number = 0;
minLength: number = 0;
requireUpper: boolean = false;
requireLower: boolean = false;
requireNumbers: boolean = false;
requireSpecial: boolean = false;
}

View File

@ -5,6 +5,7 @@ import { UserService } from '../abstractions/user.service';
import { PolicyData } from '../models/data/policyData'; import { PolicyData } from '../models/data/policyData';
import { Policy } from '../models/domain/policy'; import { Policy } from '../models/domain/policy';
import { MasterPasswordPolicyOptions } from '../models/domain/masterPasswordPolicyOptions'
import { PolicyType } from '../enums/policyType'; import { PolicyType } from '../enums/policyType';
@ -52,4 +53,89 @@ export class PolicyService implements PolicyServiceAbstraction {
await this.storageService.remove(Keys.policiesPrefix + userId); await this.storageService.remove(Keys.policiesPrefix + userId);
this.policyCache = null; this.policyCache = null;
} }
async getMasterPasswordPolicyOptions(policies?: Policy[]): Promise<MasterPasswordPolicyOptions> {
let enforcedOptions: MasterPasswordPolicyOptions = null;
if (policies == null) {
policies = await this.getAll(PolicyType.MasterPassword);
} else {
policies = policies.filter((p) => p.type === PolicyType.MasterPassword);
}
if (policies == null || policies.length === 0) {
return enforcedOptions;
}
policies.forEach((currentPolicy) => {
if (!currentPolicy.enabled || currentPolicy.data == null) {
return;
}
if (enforcedOptions == null) {
enforcedOptions = new MasterPasswordPolicyOptions();
}
if (currentPolicy.data.minComplexity != null
&& currentPolicy.data.minComplexity > enforcedOptions.minComplexity) {
enforcedOptions.minComplexity = currentPolicy.data.minComplexity;
}
if (currentPolicy.data.minLength != null
&& currentPolicy.data.minLength > enforcedOptions.minLength) {
enforcedOptions.minLength = currentPolicy.data.minLength;
}
if (currentPolicy.data.requireUpper) {
enforcedOptions.requireUpper = true;
}
if (currentPolicy.data.requireLower) {
enforcedOptions.requireLower = true;
}
if (currentPolicy.data.requireNumbers) {
enforcedOptions.requireNumbers = true;
}
if (currentPolicy.data.requireSpecial) {
enforcedOptions.requireSpecial = true;
}
});
return enforcedOptions;
}
evaluateMasterPassword(passwordStrength: number, newPassword: string,
enforcedPolicyOptions: MasterPasswordPolicyOptions): boolean {
if (enforcedPolicyOptions == null) {
return true;
}
if (enforcedPolicyOptions.minComplexity > 0 && enforcedPolicyOptions.minComplexity > passwordStrength) {
return false;
}
if (enforcedPolicyOptions.minLength > 0 && enforcedPolicyOptions.minLength > newPassword.length) {
return false;
}
if (enforcedPolicyOptions.requireUpper && newPassword.toLocaleLowerCase() === newPassword) {
return false;
}
if (enforcedPolicyOptions.requireLower && newPassword.toLocaleUpperCase() === newPassword) {
return false;
}
if (enforcedPolicyOptions.requireNumbers && !(/[0-9]/.test(newPassword))) {
return false;
}
if (enforcedPolicyOptions.requireSpecial && !(/[!@#$%\^&*]/g.test(newPassword))) {
return false;
}
return true;
}
} }