Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

implement validate_password_strength() #2669

Merged
merged 7 commits into from
Sep 19, 2024
Merged
Show file tree
Hide file tree
Changes from 6 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
150 changes: 150 additions & 0 deletions enginetest/queries/script_queries.go
Original file line number Diff line number Diff line change
Expand Up @@ -7298,6 +7298,156 @@ where
},
},
},
{
Name: "validate_password_strength and validate_password.length",
SetUpScript: []string{
"set @orig = @@global.validate_password.length",
"set @@global.validate_password.length = 0",
},
Assertions: []ScriptTestAssertion{
{
Query: "select validate_password_strength('')",
Expected: []sql.Row{
{0},
},
},
{
Query: "select validate_password_strength('123')",
Expected: []sql.Row{
{0},
},
},
{
Query: "select validate_password_strength('1234')",
Expected: []sql.Row{
{50},
},
},
{
SkipResultsCheck: true,
Query: "set @@global.validate_password.length = 1000",
},
{
Query: "select validate_password_strength('ABCabc123!@!#')",
Expected: []sql.Row{
{25},
},
},
{
Query: "set @@session.validate_password.length = 123",
ExpectedErrStr: "Variable 'validate_password.length' is a GLOBAL variable and should be set with SET GLOBAL",
},
{
SkipResultsCheck: true,
Query: "set @@global.validate_password.length = @orig",
},
},
},
{
Name: "validate_password_strength and validate_password.number_count",
SetUpScript: []string{
"set @orig = @@global.validate_password.number_count",
"set @@global.validate_password.number_count = 0",
},
Assertions: []ScriptTestAssertion{
{
Query: "select validate_password_strength('ABCabc!@#')",
Expected: []sql.Row{
{100},
},
},
{
SkipResultsCheck: true,
Query: "set @@global.validate_password.number_count = 1000",
},
{
Query: "select validate_password_strength('ABCabc!!!!123456789012345678901234567890')",
Expected: []sql.Row{
{50},
},
},
{
Query: "set @@session.validate_password.number_count = 123",
ExpectedErrStr: "Variable 'validate_password.number_count' is a GLOBAL variable and should be set with SET GLOBAL",
},
{
SkipResultsCheck: true,
Query: "set @@global.validate_password.number_count = @orig",
},
},
},
{
Name: "validate_password_strength and validate_password.mixed_case_count",
SetUpScript: []string{
"set @orig = @@global.validate_password.mixed_case_count",
"set @@global.validate_password.mixed_case_count = 0",
},
Assertions: []ScriptTestAssertion{
{
Query: "select validate_password_strength('abcabc!@#123')",
Expected: []sql.Row{
{100},
},
},
{
Query: "select validate_password_strength('ABCABC!@#123')",
Expected: []sql.Row{
{100},
},
},
{
SkipResultsCheck: true,
Query: "set @@global.validate_password.mixed_case_count = 1000",
},
{
Query: "select validate_password_strength('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456!?!?!?')",
Expected: []sql.Row{
{50},
},
},
{
Query: "set @@session.validate_password.mixed_case_count = 123",
ExpectedErrStr: "Variable 'validate_password.mixed_case_count' is a GLOBAL variable and should be set with SET GLOBAL",
},
{
SkipResultsCheck: true,
Query: "set @@global.validate_password.mixed_case_count = @orig",
},
},
},
{
Name: "validate_password_strength and validate_password.special_char_count",
SetUpScript: []string{
"set @orig = @@global.validate_password.special_char_count",
"set @@global.validate_password.special_char_count = 0",
},
Assertions: []ScriptTestAssertion{
{
Query: "select validate_password_strength('abcABC123')",
Expected: []sql.Row{
{100},
},
},
{
SkipResultsCheck: true,
Query: "set @@global.validate_password.special_char_count = 1000",
},
{
Query: "select validate_password_strength('abcABC123!@#$%^&*() ')",
Expected: []sql.Row{
{50},
},
},
{
Query: "set @@session.validate_password.special_char_count = 123",
ExpectedErrStr: "Variable 'validate_password.special_char_count' is a GLOBAL variable and should be set with SET GLOBAL",
},
{
SkipResultsCheck: true,
Query: "set @@global.validate_password.special_char_count = @orig",
},
},
},
}

var SpatialScriptTests = []ScriptTest{
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ require (
github.com/dolthub/go-icu-regex v0.0.0-20240916130659-0118adc6b662
github.com/dolthub/jsonpath v0.0.2-0.20240227200619-19675ab05c71
github.com/dolthub/sqllogictest/go v0.0.0-20201107003712-816f3ae12d81
github.com/dolthub/vitess v0.0.0-20240916204416-9d4d4a09b1d9
github.com/dolthub/vitess v0.0.0-20240919212847-96ea5aac0c9a
github.com/go-kit/kit v0.10.0
github.com/go-sql-driver/mysql v1.7.2-0.20231213112541-0004702b931d
github.com/gocraft/dbr/v2 v2.7.2
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,8 @@ github.com/dolthub/jsonpath v0.0.2-0.20240227200619-19675ab05c71 h1:bMGS25NWAGTE
github.com/dolthub/jsonpath v0.0.2-0.20240227200619-19675ab05c71/go.mod h1:2/2zjLQ/JOOSbbSboojeg+cAwcRV0fDLzIiWch/lhqI=
github.com/dolthub/sqllogictest/go v0.0.0-20201107003712-816f3ae12d81 h1:7/v8q9XGFa6q5Ap4Z/OhNkAMBaK5YeuEzwJt+NZdhiE=
github.com/dolthub/sqllogictest/go v0.0.0-20201107003712-816f3ae12d81/go.mod h1:siLfyv2c92W1eN/R4QqG/+RjjX5W2+gCTRjZxBjI3TY=
github.com/dolthub/vitess v0.0.0-20240916204416-9d4d4a09b1d9 h1:2My8cED5m5/sFay7U4bvLxpECJccKj0cEKCqEA+63yU=
github.com/dolthub/vitess v0.0.0-20240916204416-9d4d4a09b1d9/go.mod h1:uBvlRluuL+SbEWTCZ68o0xvsdYZER3CEG/35INdzfJM=
github.com/dolthub/vitess v0.0.0-20240919212847-96ea5aac0c9a h1:mec8AiILmZC9eX0zRQpfN/XfTfsiEZESjrNbw/wbW+k=
github.com/dolthub/vitess v0.0.0-20240919212847-96ea5aac0c9a/go.mod h1:uBvlRluuL+SbEWTCZ68o0xvsdYZER3CEG/35INdzfJM=
github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
Expand Down
123 changes: 123 additions & 0 deletions sql/expression/function/hash.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"fmt"
"hash"
"io"
"unicode"

"github.com/dolthub/go-mysql-server/sql"
"github.com/dolthub/go-mysql-server/sql/expression"
Expand Down Expand Up @@ -471,3 +472,125 @@ func (f *UncompressedLength) WithChildren(children ...sql.Expression) (sql.Expre
}
return NewUncompressedLength(children[0]), nil
}

// ValidatePasswordStrength function returns an integer to indicate how strong the password is.
// https://dev.mysql.com/doc/refman/8.4/en/validate-password.html
type ValidatePasswordStrength struct {
*UnaryFunc
}

const minPasswordLength = 4

var _ sql.FunctionExpression = (*ValidatePasswordStrength)(nil)
var _ sql.CollationCoercible = (*ValidatePasswordStrength)(nil)

// NewValidatePasswordStrength returns a new ValidatePasswordStrength function expression
func NewValidatePasswordStrength(arg sql.Expression) sql.Expression {
return &ValidatePasswordStrength{NewUnaryFunc(arg, "ValidatePasswordStrength", types.Uint32)}
}

// Description implements sql.FunctionExpression
func (f *ValidatePasswordStrength) Description() string {
return "returns an integer to indicate how strong the password is."
}

func (f *ValidatePasswordStrength) Type() sql.Type {
return types.Int32
}

// CollationCoercibility implements the interface sql.CollationCoercible.
func (*ValidatePasswordStrength) CollationCoercibility(ctx *sql.Context) (collation sql.CollationID, coercibility byte) {
return ctx.GetCollation(), 4
}

// Eval implements sql.Expression
func (f *ValidatePasswordStrength) Eval(ctx *sql.Context, row sql.Row) (interface{}, error) {
arg, err := f.EvalChild(ctx, row)
if err != nil {
return nil, err
}
if arg == nil {
return nil, nil
}

val, _, err := types.LongText.Convert(arg)
if err != nil {
return nil, nil
}
password := val.(string)
strength := 0
if len(password) < minPasswordLength {
return strength, nil
}
strength += 25

// Requirements for LOW password strength
_, passLen, ok := sql.SystemVariables.GetGlobal("validate_password.length")
if !ok {
return nil, err
}
passLenInt, ok := types.CoalesceInt(passLen)
if !ok {
return nil, fmt.Errorf("invalid value for validate_password.length: %v", passLen)
}
if len(password) < passLenInt {
return strength, nil
}
strength += 25

// Requirements for MEDIUM password strength
_, numCount, ok := sql.SystemVariables.GetGlobal("validate_password.number_count")
if !ok {
return nil, fmt.Errorf("error: validate_password.number_count variable was not found")
}
numCountInt, ok := types.CoalesceInt(numCount)
if !ok {
return nil, fmt.Errorf("invalid value for validate_password.number_count: %v", numCount)
}
_, mixCaseCount, ok := sql.SystemVariables.GetGlobal("validate_password.mixed_case_count")
if !ok {
return nil, fmt.Errorf("error: validate_password.mixed_case_count variable was not found")
}
mixCaseCountInt, ok := types.CoalesceInt(mixCaseCount)
if !ok {
return nil, fmt.Errorf("invalid value for validate_password.mixed_case_count: %v", mixCaseCount)
}
lowerCount, upperCount := mixCaseCountInt, mixCaseCountInt
_, specialCharCount, ok := sql.SystemVariables.GetGlobal("validate_password.special_char_count")
if !ok {
return nil, fmt.Errorf("error: validate_password.special_char_count variable was not found")
}
specialCharCountInt, ok := types.CoalesceInt(specialCharCount)
if !ok {
return nil, fmt.Errorf("invalid value for validate_password.special_char_count: %v", specialCharCount)
}
for _, c := range password {
if unicode.IsNumber(c) {
numCountInt--
} else if unicode.IsUpper(c) {
upperCount--
} else if unicode.IsLower(c) {
lowerCount--
} else {
specialCharCountInt--
}
}
if numCountInt > 0 || upperCount > 0 || lowerCount > 0 || specialCharCountInt > 0 {
return strength, nil
}
strength += 25

// Requirements for STRONG password strength
// TODO: support dictionary file substring matching
strength += 25

return strength, nil
}

// WithChildren implements sql.Expression
func (f *ValidatePasswordStrength) WithChildren(children ...sql.Expression) (sql.Expression, error) {
if len(children) != 1 {
return nil, sql.ErrInvalidChildrenNumber.New(f, len(children), 1)
}
return NewValidatePasswordStrength(children[0]), nil
}
45 changes: 45 additions & 0 deletions sql/expression/function/hash_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -437,3 +437,48 @@ func TestUncompressedLength(t *testing.T) {
})
}
}

func TestValidatePasswordStrength(t *testing.T) {
tests := []struct {
val sql.Expression
exp interface{}
}{
{
val: expression.NewLiteral(nil, types.Null),
exp: nil,
},
{
val: expression.NewLiteral(int64(1), types.Int64),
exp: 0,
},
{
val: expression.NewLiteral("1", types.Text),
exp: 0,
},
{
val: expression.NewLiteral("", types.Text),
exp: 0,
},
{
val: expression.NewLiteral("weak", types.Text),
exp: 25,
},
{
val: expression.NewLiteral("lessweak$_@123", types.Text),
exp: 50,
},
{
val: expression.NewLiteral("N0Tweak$_@123!", types.Text),
exp: 100,
},
}

for _, test := range tests {
f := NewValidatePasswordStrength(test.val)
t.Run(fmt.Sprintf(f.String()), func(t *testing.T) {
res, err := f.Eval(sql.NewEmptyContext(), nil)
require.NoError(t, err)
require.Equal(t, test.exp, res)
})
}
}
1 change: 1 addition & 0 deletions sql/expression/function/registry.go
Original file line number Diff line number Diff line change
Expand Up @@ -308,6 +308,7 @@ var BuiltIns = []sql.Function{
sql.FunctionN{Name: "uuid_to_bin", Fn: NewUUIDToBin},
sql.FunctionN{Name: "week", Fn: NewWeek},
sql.Function1{Name: "values", Fn: NewValues},
sql.Function1{Name: "validate_password_strength", Fn: NewValidatePasswordStrength},
sql.Function1{Name: "weekday", Fn: NewWeekday},
sql.Function1{Name: "weekofyear", Fn: NewWeekOfYear},
sql.Function1{Name: "year", Fn: NewYear},
Expand Down
Loading