summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
authorBrendan Abolivier <babolivier@matrix.org>2019-05-21 10:21:27 +0100
committerBrendan Abolivier <babolivier@matrix.org>2019-05-21 10:21:27 +0100
commit42cea6b4373c41fa44db1cc6c202ef97e32f4a18 (patch)
tree17d2000d40645d7fac1e56009a3229edfac65e00 /synapse
parentAlso test the /password client route (diff)
downloadsynapse-42cea6b4373c41fa44db1cc6c202ef97e32f4a18.tar.xz
Make error messages more explicit
Diffstat (limited to 'synapse')
-rw-r--r--synapse/api/errors.py8


-rw-r--r--synapse/handlers/password_policy.py31


2 files changed, 31 insertions, 8 deletions
diff --git a/synapse/api/errors.py b/synapse/api/errors.py
index 22e0fcfa83..e6c67acf96 100644
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@@ -361,10 +361,14 @@ class PasswordRefusedError(SynapseError):
     """A password has been refused, either during password reset/change or registration.
     """
 
-    def __init__(self, errcode=Codes.WEAK_PASSWORD):
+    def __init__(
+        self,
+        msg="This password doesn't comply with the server's policy",
+        errcode=Codes.WEAK_PASSWORD,
+    ):
         super(PasswordRefusedError, self).__init__(
             code=400,
-            msg="This password doesn't comply with the server's policy",
+            msg=msg,
             errcode=errcode,
         )
 
diff --git a/synapse/handlers/password_policy.py b/synapse/handlers/password_policy.py
index 10e6360ecb..9994b44455 100644
--- a/synapse/handlers/password_policy.py
+++ b/synapse/handlers/password_policy.py
@@ -46,29 +46,48 @@ class PasswordPolicyHandler(object):
         if not self.enabled:
             return
 
-        if len(password) < self.policy.get("minimum_length", 0):
-            raise PasswordRefusedError(Codes.PASSWORD_TOO_SHORT)
+        minimum_accepted_length = self.policy.get("minimum_length", 0)
+        if len(password) < minimum_accepted_length:
+            raise PasswordRefusedError(
+                msg=(
+                    "The password must be at least %d characters long"
+                    % minimum_accepted_length
+                ),
+                errcode=Codes.PASSWORD_TOO_SHORT,
+            )
 
         if (
             self.policy.get("require_digit", False) and
             self.regexp_digit.search(password) is None
         ):
-            raise PasswordRefusedError(Codes.PASSWORD_NO_DIGIT)
+            raise PasswordRefusedError(
+                msg="The password must include at least one digit",
+                errcode=Codes.PASSWORD_NO_DIGIT,
+            )
 
         if (
             self.policy.get("require_symbol", False) and
             self.regexp_symbol.search(password) is None
         ):
-            raise PasswordRefusedError(Codes.PASSWORD_NO_SYMBOL)
+            raise PasswordRefusedError(
+                msg="The password must include at least one symbol",
+                errcode=Codes.PASSWORD_NO_SYMBOL,
+            )
 
         if (
             self.policy.get("require_uppercase", False) and
             self.regexp_uppercase.search(password) is None
         ):
-            raise PasswordRefusedError(Codes.PASSWORD_NO_UPPERCASE)
+            raise PasswordRefusedError(
+                msg="The password must include at least one uppercase letter",
+                errcode=Codes.PASSWORD_NO_UPPERCASE,
+            )
 
         if (
             self.policy.get("require_lowercase", False) and
             self.regexp_lowercase.search(password) is None
         ):
-            raise PasswordRefusedError(Codes.PASSWORD_NO_LOWERCASE)
+            raise PasswordRefusedError(
+                msg="The password must include at least one lowercase letter",
+                errcode=Codes.PASSWORD_NO_LOWERCASE,
+            )

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-02-06 17:19:08 +0000