[users] Allow an explicit check for non-emptiness of passwords

- move the explicit checking for non-empty into a specific (normal) password check - leave only the-two-fields-are-equal outside of the password- requirements framework - having non-empty is the same as minLength 1, but gives a different error message
6 years ago · cc66903678
parent ffbc1a3e7d
commit cc66903678
2 changed files with 18 additions and 10 deletions
--- a/src/modules/users/UsersPage.cpp
+++ b/src/modules/users/UsersPage.cpp
@ -407,14 +407,7 @@ UsersPage::validateHostnameText( const QString& textRef )
 bool
 UsersPage::checkPasswordAcceptance( const QString& pw1, const QString& pw2, QLabel* badge, QLabel* message )
 {
-    if ( pw1.isEmpty() && pw2.isEmpty() )
-    {
-        // Not exactly labelOk() because we also don't want a checkmark OK
-        badge->clear();
-        message->clear();
-        return false;
-    }
-    else if ( pw1 != pw2 )
+    if ( pw1 != pw2 )
    {
        labelError( badge, message, tr( "Your passwords do not match!" ) );
        return false;
@ -510,6 +503,14 @@ UsersPage::addPasswordCheck( const QString& key, const QVariant& value )
    {
        add_check_maxLength( m_passwordChecks, value );
    }
+    else if ( key == "nonempty" )
+    {
+        if ( value.toBool() )
+        {
+            m_passwordChecks.push_back( PasswordCheck( []() { return QCoreApplication::translate( "EMP", "Password is empty" ); },
+                                    []( const QString& s ) { return ((cDebug() << "Checking pwd" << s << "for empty"), !s.isEmpty()); } ) );
+        }
+    }
 #ifdef CHECK_PWQUALITY
    else if ( key == "libpwquality" )
    {
--- a/src/modules/users/users.conf
+++ b/src/modules/users/users.conf
@ -58,8 +58,14 @@ setRootPassword: true
 doReusePassword: true

 # These are optional password-requirements that a distro can enforce
-# on the user. The values given in this sample file disable each check,
-# as if the check was not listed at all.
+# on the user. The values given in this sample file set only very weak
+# validation settings.
+#
+# - nonempty rejects empty passwords
+# - there are no length validations
+# - libpwquality (if it is enabled at all) has no length of class
+#   restrictions, although it will still reject palindromes and
+#   dictionary words with these settings.
 #
 # Checks may be listed multiple times; each is checked separately,
 # and no effort is done to ensure that the checks are consistent
@ -84,6 +90,7 @@ doReusePassword: true
 #    (That will show the box *Allow weak passwords* in the user-
 #    interface, and check it by default).
 passwordRequirements:
+    nonempty: true
    minLength: -1  # Password at least this many characters
    maxLength: -1  # Password at most this many characters
    libpwquality: