Merge pull request #4390 from oniko94/feature/T6353-add-password-complexity-validation

T6353: Add password complexity validation for system login user

2 files changed, 23 insertions, 3 deletions

diff --git a/smoketest/scripts/cli/base_vyostest_shim.py b/smoketest/scripts/cli/base_vyostest_shim.py
index edf940efd..f0674f187 100644
--- a/smoketest/scripts/cli/base_vyostest_shim.py
+++ b/smoketest/scripts/cli/base_vyostest_shim.py
@@ -94,14 +94,18 @@ class VyOSUnitTestSHIM:
         def cli_commit(self):
             if self.debug:
                 print('commit')
-            self._session.commit()
             # During a commit there is a process opening commit_lock, and run()
             # returns 0
             while run(f'sudo lsof -nP {commit_lock}') == 0:
                 sleep(0.250)
+            # Return the output of commit
+            # Necessary for testing Warning cases
+            out = self._session.commit()
             # Wait for CStore completion for fast non-interactive commits
             sleep(self._commit_guard_time)
 
+            return out
+
         def op_mode(self, path : list) -> None:
             """
             Execute OP-mode command and return stdout
diff --git a/smoketest/scripts/cli/test_system_login.py b/smoketest/scripts/cli/test_system_login.py
index d79f5521c..ed72f378e 100755
--- a/smoketest/scripts/cli/test_system_login.py
+++ b/smoketest/scripts/cli/test_system_login.py
@@ -25,7 +25,9 @@ import shutil
 
 from base_vyostest_shim import VyOSUnitTestSHIM
 
+from contextlib import redirect_stdout
 from gzip import GzipFile
+from io import StringIO, TextIOWrapper
 from subprocess import Popen
 from subprocess import PIPE
 from pwd import getpwall
@@ -42,6 +44,7 @@ from vyos.xml_ref import default_value
 
 base_path = ['system', 'login']
 users = ['vyos1', 'vyos-roxx123', 'VyOS-123_super.Nice']
+weak_passwd_user = ['test_user', 'passWord1']
 
 ssh_test_command = '/opt/vyatta/bin/vyatta-op-cmd-wrapper show version'
 
@@ -194,18 +197,20 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase):
     def test_system_login_user(self):
         for user in users:
             name = f'VyOS Roxx {user}'
+            passwd = f'{user}-pSWd-t3st'
             home_dir = f'/tmp/smoketest/{user}'
 
-            self.cli_set(base_path + ['user', user, 'authentication', 'plaintext-password', user])
+            self.cli_set(base_path + ['user', user, 'authentication', 'plaintext-password', passwd])
             self.cli_set(base_path + ['user', user, 'full-name', name])
             self.cli_set(base_path + ['user', user, 'home-directory', home_dir])
 
         self.cli_commit()
 
         for user in users:
+            passwd = f'{user}-pSWd-t3st'
             tmp = ['su','-', user]
             proc = Popen(tmp, stdin=PIPE, stdout=PIPE, stderr=PIPE)
-            tmp = f'{user}\nuname -a'
+            tmp = f'{passwd}\nuname -a'
             proc.stdin.write(tmp.encode())
             proc.stdin.flush()
             (stdout, stderr) = proc.communicate()
@@ -229,6 +234,17 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase):
         tmp = cmd(f'sudo passwd -S {locked_user}')
         self.assertIn(f'{locked_user} P ', tmp)
 
+    def test_system_login_weak_password_warning(self):
+        self.cli_set(base_path + [
+            'user', weak_passwd_user[0], 'authentication',
+            'plaintext-password', weak_passwd_user[1]
+        ])
+
+        out = self.cli_commit().strip()
+
+        self.assertIn('WARNING: The password complexity is too low', out)
+        self.cli_delete(base_path + ['user', weak_passwd_user[0]])
+
     def test_system_login_otp(self):
         otp_user = 'otp-test_user'
         otp_password = 'SuperTestPassword'