
add attribution + fixes
niladic committed Oct 16, 2024
1 parent de51418 commit f26ffb0
Showing 5 changed files with 20 additions and 7 deletions.
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -76,3 +76,8 @@ http://localhost:9000
- Pour lancer le serveur sans docker `sbt run` (Vous pouvez regarder les variables d'environnement indispensables dans le `docker-compose.yml` et la liste des variables dans le `application.conf`)
- Les commandes pour le frontend sont dans `package.json` : `npm run watch` (dev), `npm run clean` (supprime ce qui a été installé par `npm install`), `npm run build` (bundle prod) -->


## Attribution

Le projet inclut le fichier `data/french_passwords_top20000.txt` sous licence [Creative Commons Attribution 4.0 International](https://creativecommons.org/licenses/by/4.0/) provenant du dépôt [tarraschk/richelieu](https://github.com/tarraschk/richelieu).
8 changes: 6 additions & 2 deletions app/controllers/LoginController.scala
Expand Up @@ -333,7 +333,11 @@ class LoginController @Inject() (

def passwordReinitializationEmailPage: Action[AnyContent] =
Action { implicit request =>
Ok(views.password.reinitializationEmailPage(PasswordRecovery.form))
val form = request.session.get(Keys.Session.passwordEmail) match {
case None => PasswordRecovery.form
case Some(email) => PasswordRecovery.form.fill(PasswordRecovery(email))
}
Ok(views.password.reinitializationEmailPage(form))
}

def passwordReinitializationEmail: Action[AnyContent] =
Expand Down Expand Up @@ -377,7 +381,7 @@ class LoginController @Inject() (
views.password
.reinitializationEmailPage(form, errorMessage = (title, description).some)
)
.withSession(request.session - Keys.Session.passwordEmail)
.removingFromSession(Keys.Session.passwordEmail)
},
expiration => {
eventService.logSystem(
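Review bot: The new `val form = request.session.get(Keys.Session.passwordEmail) match { ... }` in passwordReinitializationEmailPage pattern-matches an Option only to choose between two values; `fold` says the same in one expression: `val form = request.session.get(Keys.Session.passwordEmail).fold(PasswordRecovery.form)(email => PasswordRecovery.form.fill(PasswordRecovery(email)))`. The pre-filled value comes from the signed session rather than from a query parameter, so it cannot be forged by the client, but it is still text that originated from a user and is now rendered into the page; presumably the Twirl view escapes it like any other field value, which is worth confirming once. The function body is fully visible in the first hunk; the function around the second hunk starts and ends outside it.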
3 changes: 2 additions & 1 deletion app/helper/PlayFormHelpers.scala
Expand Up @@ -20,6 +20,7 @@ object PlayFormHelpers {
_.map(commonStringInputNormalization).filter(_.nonEmpty)
)

// Source: https://github.com/tarraschk/richelieu
val commonPasswords: Set[String] =
scala.io.Source.fromFile("data/french_passwords_top20000.txt").getLines().map(_.trim).toSet

Expand All @@ -30,7 +31,7 @@ object PlayFormHelpers {
.verifying(maxLength(1000))
.verifying(
"Le mot de passe ne peut pas commencer ou terminer par une espace " +
"(Cependant, les espaces sont autorisés à l’intérieur du mot de passe).",
"(Cependant, les espaces sont autorisées à l’intérieur du mot de passe).",
password => password.trim === password
)
.verifying(
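Review bot: The `commonPasswords` initializer directly under the new attribution comment opens `scala.io.Source.fromFile("data/french_passwords_top20000.txt")` and never closes it; `getLines().map(_.trim).toSet` drains the iterator, but the file handle is released only when the BufferedSource is collected. The commit only adds a comment above that line, yet this is the moment to fix it: `Using.resource(scala.io.Source.fromFile("data/french_passwords_top20000.txt"))(_.getLines().map(_.trim).toSet)` (`scala.util.Using`, Scala 2.13+) closes the handle as soon as the set is built. The relative path also resolves against the process working directory, so object initialization throws if the application is launched from another directory; a comment next to the attribution such as `// Path is relative to the working directory; read once at object initialization` would make that dependency explicit. The second hunk only corrects the gender agreement in the error message and needs no change.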
4 changes: 3 additions & 1 deletion app/services/PasswordService.scala
Expand Up @@ -52,7 +52,6 @@ class PasswordService @Inject() (
private def generateRandomToken(): String =
MiscHelpers.secureRandom.alphanumeric.take(30).mkString

// TODO: rate limit the recovery emails
def sendRecoverEmail(email: String, ipAddress: String): Future[Either[Error, Instant]] =
userService
.byEmailEither(email, includeDisabled = true)
Expand Down Expand Up @@ -137,6 +136,7 @@ class PasswordService @Inject() (
token.expirationDate
case nonExpiredTokens =>
val lastToken = nonExpiredTokens.sortBy(_.creationDate).reverse.head
// This rate-limits the recovery emails at 1 per 30 seconds
if (lastToken.creationDate.plusSeconds(30).isBefore(Instant.now())) {
val _ = notificationService.newPasswordRecoveryLinkEmail(
user.name,
Expand Down Expand Up @@ -218,10 +218,12 @@ class PasswordService @Inject() (
val _ = SQL"""INSERT INTO password (
user_id,
password_hash,
creation_date,
last_update
) VALUES (
${userId}::uuid,
${hash},
${now},
${now}
)
ON CONFLICT (user_id)
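Review bot: The new comment `// This rate-limits the recovery emails at 1 per 30 seconds` in the second hunk overstates the scope: the window is derived from `nonExpiredTokens`, which are the tokens of the single user being looked up, so the throttle is per account rather than global, and `// Per-user throttle: at most one recovery email per 30 seconds, measured from that user's latest non-expired token` describes what the code does. `nonExpiredTokens.sortBy(_.creationDate).reverse.head` can be written `nonExpiredTokens.maxBy(_.creationDate)`, which also removes the `.head` whose safety depends on the preceding case having excluded the empty list (that case is outside the hunk). In the third hunk the INSERT now writes `creation_date` as `${now}`; the `ON CONFLICT (user_id)` update clause that follows is outside the hunk, and if it also assigns `creation_date` the column will simply track `last_update` instead of recording the first insertion, so it is worth checking that only `password_hash` and `last_update` are updated there. The enclosing methods start and end outside the hunks.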
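--- a/conf/evolutions/default/76.sql
+++ b/conf/evolutions/default/76.sql
@@ -3,14 +3,15 @@
 CREATE TABLE password (
 user_id uuid PRIMARY KEY,
 password_hash varchar(10000) NOT NULL,
-last_update timestamp NOT NULL
+creation_date timestamptz NOT NULL,
+last_update timestamptz NOT NULL
 );
 
 CREATE TABLE password_recovery_token (
 token varchar(100) NOT NULL PRIMARY KEY,
 user_id uuid NOT NULL,
-creation_date timestamp NOT NULL,
-expiration_date timestamp NOT NULL,
+creation_date timestamptz NOT NULL,
+expiration_date timestamptz NOT NULL,
 ip_address inet NOT NULL,
 used boolean DEFAULT false NOT NULL
 );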
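Review bot: This edits evolution 76 in place (adding `creation_date` to `password` and switching both tables from `timestamp` to `timestamptz`); Play evolutions stores a hash of each applied script, so any database where 76 has already run will refuse to start until the mismatch is resolved manually, and its existing rows would never receive the new column. If 76 has been applied anywhere beyond a disposable development database, the change belongs in a new evolution with `ALTER TABLE password ADD COLUMN creation_date timestamptz ...` and `ALTER TABLE ... ALTER COLUMN ... TYPE timestamptz` statements, where the NOT NULL on the new column also needs a default or backfill. The rest of the script, including its down section, is outside the hunk; if it drops both tables it is unaffected by this change.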
