Added configuration for owasp. Synchronize client owap configs with t…
…he server configs.

Also added a time indicator on failed login attempts to give the user feedback on subsequent failed login attempts.
wansco committed Sep 8, 2016
1 parent dd80951 commit d896d07
Showing 7 changed files with 42 additions and 4 deletions.
7 changes: 7 additions & 0 deletions config/env/development.js
Expand Up @@ -58,6 +58,13 @@ module.exports = {
callbackURL: '/api/auth/paypal/callback',
sandbox: true
},
owasp: {
allowPassphrases: true,
maxLength: 128,
minLength: 4,
minPhraseLength: 20,
minOptionalTestsToPass: 2
},
mailer: {
from: process.env.MAILER_FROM || 'MAILER_FROM',
options: {
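Review bot: `minLength: 4` together with `minOptionalTestsToPass: 2` makes the development policy far weaker than the 10-character rule the client popover used to hard-code, and because the client now fetches these rules from the server, development builds will advertise and accept 4-character passwords. That is defensible for a dev profile, but it should be stated so the block is never copied into another environment: `owasp: { // deliberately relaxed for local development; production.js holds the real policy`. The `key: value` spacing used here also differs from the `key : value` form of the same block in production.js; since the two files are meant to stay in sync, write them identically.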
7 changes: 7 additions & 0 deletions config/env/production.js
Expand Up @@ -78,6 +78,13 @@ module.exports = {
callbackURL: '/api/auth/paypal/callback',
sandbox: false
},
owasp: {
allowPassphrases : true,
maxLength : 128,
minLength : 10,
minPhraseLength : 20,
minOptionalTestsToPass : 4,
},
mailer: {
from: process.env.MAILER_FROM || 'MAILER_FROM',
options: {
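Review bot: The new block is formatted differently from everything around it — `allowPassphrases : true` puts a space before the colon and the last entry carries a trailing comma, while the neighbouring `callbackURL: '/api/auth/paypal/callback'` and the matching block in development.js do neither. Style only, but these two env files are supposed to mirror each other, so write the production entries as `minOptionalTestsToPass: 4` without the trailing comma. A one-line comment on what `4` means here (as far as I recall the library has exactly four optional character-class tests, so this requires all of them) would help whoever tunes the policy later.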
13 changes: 10 additions & 3 deletions modules/users/client/services/password-validator.client.service.js
Expand Up @@ -6,11 +6,18 @@
.module('users.services')
.factory('PasswordValidator', PasswordValidator);

PasswordValidator.$inject = ['$window'];
PasswordValidator.$inject = ['$window', '$http'];

function PasswordValidator($window) {
function PasswordValidator($window, $http) {
var owaspPasswordStrengthTest = $window.owaspPasswordStrengthTest;

// get the owasp config from the server configuration
$http.get('/password/rules').success(function (response) {
owaspPasswordStrengthTest.configs = response; // same owasp config used on the server
}).error(function (response) {
// well, it should fall back on the default owasp config defined in that package
});

var service = {
getResult: getResult,
getPopoverMsg: getPopoverMsg
Expand All @@ -24,7 +31,7 @@
}

function getPopoverMsg() {
var popoverMsg = 'Please enter a passphrase or password with 10 or more characters, numbers, lowercase, uppercase, and special characters.';
var popoverMsg = 'Please enter a passphrase or password with ' + owaspPasswordStrengthTest.configs.minLength + ' or more characters, numbers, lowercase, uppercase, and special characters.';

return popoverMsg;
}
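Review bot: The new `$http` success callback assigns the server response over `owaspPasswordStrengthTest.configs` wholesale, so any key the server omits, or an empty or HTML body if the request is answered by something other than the JSON handler, wipes out the library's defaults and `getPopoverMsg` then reads `configs.minLength` as undefined. The package exposes a `config(opts)` setter which, as far as I recall, merges only keys it already knows of matching type — prefer that, and verify it exists in the vendored browser build. The `.error` branch also swallows the failure silently, and `.success`/`.error` are deprecated from Angular 1.4 and removed in 1.6 (the project's version is not visible here), so a `.then(ok, fail)` form with a logged warning is safer. Until the response arrives `getPopoverMsg` reports the package default, so the first render can briefly show a different number than the server rule.
```javascript
    var owaspPasswordStrengthTest = $window.owaspPasswordStrengthTest;

    // Merge rather than replace, so library defaults survive a partial or missing response.
    $http.get('/password/rules').then(function (res) {
      owaspPasswordStrengthTest.config(res.data);
    }, function (err) {
      console.warn('Password rules unavailable; using library defaults', err);
    });
    // … unchanged: service object, getResult, getPopoverMsg …
```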
2 changes: 1 addition & 1 deletion modules/users/server/config/strategies/local.js
Expand Up @@ -22,7 +22,7 @@ module.exports = function () {
}
if (!user || !user.authenticate(password)) {
return done(null, false, {
message: 'Invalid username or password'
message: 'Invalid username or password (' + (new Date()).toLocaleTimeString() + ')'
});
}

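Review bot: Embedding `(new Date()).toLocaleTimeString()` in the failure message bakes a presentation concern into the passport strategy and formats the time in the server process's locale and timezone, which is unlikely to match the user's. The wording stays the same for an unknown user and a wrong password, so no username-enumeration difference is introduced, but the message is no longer a stable string that clients or tests can compare against. Keep the message constant and attach the time as data, `return done(null, false, { message: 'Invalid username or password', time: new Date().toISOString() });`, and let the client render it in local time — assuming the sign-in controller forwards the info object, which is outside this hunk. The enclosing strategy callback starts before the hunk.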
Expand Up @@ -14,6 +14,13 @@ var path = require('path'),

var smtpTransport = nodemailer.createTransport(config.mailer.options);

/**
* Get the server defined owasp config for the client
*/
exports.getowaspconfig = function (req, res) {
res.json(config.owasp);
};

/**
* Forgot for reset password (forgot POST)
*/
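Review bot: `res.json(config.owasp)` sends whatever `config.owasp` holds, and this commit adds that block only to development.js and production.js; any other env profile in the project (a test profile, say) would make this endpoint answer with an empty body, which the client then writes over its rule set. Guard it, `res.json(config.owasp || {});`, and document the contract: `/** Expose the server-side OWASP password policy so the client validator can mirror it; the policy is public by design (sign-up needs it before login). */`. The export name `getowaspconfig` departs from the camelCase of the other handlers — `getOwaspConfig` would match, with the route file updated to the same name. The rendered page drops this file's header; from the export and the `smtpTransport` context it looks like the users password server controller, but confirm the path.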
6 changes: 6 additions & 0 deletions modules/users/server/models/user.server.model.js
Expand Up @@ -4,12 +4,18 @@
* Module dependencies
*/
var mongoose = require('mongoose'),
path = require('path'),
config = require(path.resolve('./config/config')),
Schema = mongoose.Schema,
crypto = require('crypto'),
validator = require('validator'),
generatePassword = require('generate-password'),
owasp = require('owasp-password-strength-test');


owasp.configs = config.owasp;


/**
* A Validation function for local strategy properties
*/
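Review bot: `owasp.configs = config.owasp;` replaces the library's whole configuration object at module load, so a missing `owasp` block in the active env file (this commit touches only development.js and production.js) leaves `owasp.configs` undefined and the password validator, presumably defined further down in this file, will throw on the first save. Use the library's merging setter behind a guard, `if (config.owasp) { owasp.config(config.owasp); }` — as far as I recall `config()` copies only known keys of matching type, so stray entries are ignored instead of clobbering defaults; verify against the installed version. A short comment that this is the authoritative server-side policy and the client only mirrors it via /password/rules would help the next reader. The doubled blank lines around the statement are also out of step with the rest of the file.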
4 changes: 4 additions & 0 deletions modules/users/server/routes/auth.server.routes.js
Expand Up @@ -54,4 +54,8 @@ module.exports = function (app) {
// Setting the paypal oauth routes
app.route('/api/auth/paypal').get(users.oauthCall('paypal'));
app.route('/api/auth/paypal/callback').get(users.oauthCallback('paypal'));


// get the config settings for the client side owasp
app.route('/password/rules').get(users.getowaspconfig);
};
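Review bot: The new route is mounted at `/password/rules`, outside the `/api/` prefix every other route in this file uses (`/api/auth/paypal` and `/api/auth/paypal/callback` just above). In a MEAN-style app the non-API paths are typically claimed by the client-side HTML5 router or a catch-all that serves index.html, so depending on registration order this URL can return the SPA shell instead of JSON, and the client would then feed HTML into its password configuration. Use `app.route('/api/password/rules').get(users.getowaspconfig);` and change the client fetch path to match. The endpoint is intentionally unauthenticated because sign-up needs the policy before login; a one-line comment saying so keeps someone from "fixing" it later. The doubled blank lines before the route are also inconsistent with the rest of the file.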
