From 4eeac8d71a8eaadf63b93d77fa18ce136d212058 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Wed, 10 Jul 2019 15:32:47 -0400
Subject: [PATCH] Explore password evaluation as an option. Password rules may be relevant to some scenarios. In such a case, this can provide guidance if the BMC does not have such a facility or alternatively provide friendlier warnings than the BMC provides around shortcomings of the password.
---
 confluent_server/confluent/messages.py | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/confluent_server/confluent/messages.py b/confluent_server/confluent/messages.py
index ec421e84..75258650 100644
--- a/confluent_server/confluent/messages.py
+++ b/confluent_server/confluent/messages.py
@@ -668,6 +668,27 @@ class InputAttributes(ConfluentMessage):
 )
 return nodeattr
+def checkPassword(password, username):
+ lowercase = set('abcdefghijklmnopqrstuvwxyz')
+ uppercase = set('abcdefghijklmnopqrstuvwxyz'.upper())
+ numbers = set('0123456789')
+ special = set('`~!@#$%^&*()-_=+[{]};:"/?.>,<' + "'")
+ if not bool(set(password.lower()) & lowercase): # rule 1
+ raise exc.InvalidArgumentException('Password must contain at least one letter')
+ thepass = set(password)
+ if not bool(thepass & numbers): # rule 2
+ raise exc.InvalidArgumentException('Password must contain at least one number')
+ classes = 0
+ for charclass in (lowercase, uppercase, special):
+ if bool(thepass & charclass):
+ classes += 1
+ if classes < 2:
+ raise exc.InvalidArgumentException('Password must contain at least two of upper case letter, lower case letter, and/or special character')
+ if username and password in (username, username[::-1]): # rule 4
+ raise exc.InvalidArgumentException('Password must not be similar to username')
+ if len(password) < 12:
+ raise exc.InvalidArgumentException('Password must be at least 12 characters long')
+
 class InputCredential(ConfluentMessage):
 valid_privilege_levels = set([
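Review bot: The `special` set in checkPassword leaves out `|`, `\` and the space character, so a password whose only non-alphanumeric characters are among those gets no credit for a special character and can be rejected by the two-class rule with a message that contradicts what the user typed. If the list is not meant to mirror what a particular BMC accepts, counting anything outside the letter and digit sets avoids maintaining it, e.g. `if thepass - lowercase - uppercase - numbers: classes += 1` in place of the `special` entry in the loop. The username rule only rejects an exact, case-sensitive match with the name or its reverse while the message says "similar"; `password.lower() in (username.lower(), username[::-1].lower())` would at least close the case variant. The function also has no docstring, and the `# rule N` tags skip rule 3 without naming the policy they number.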
@@ -708,6 +729,8 @@ class InputCredential(ConfluentMessage):
 inputdata['enabled'] not in self.valid_enabled_values):
 raise exc.InvalidArgumentException('valid values for enabled are ' + 'yes and no')
+ if 'password' in inputdata:
+ checkPassword(inputdata['password'], inputdata.get('username', None))
 if nodes is None:
 raise exc.InvalidArgumentException(
 'This only supports per-node input')
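Review bot: The username passed on the added call comes from `inputdata.get('username', None)`, so a request that changes only the password of an existing account reaches checkPassword with no username and the "must not be similar to username" rule is skipped without notice. If the account's current name is available at this point (not visible in the hunk) it should be passed instead; otherwise a comment such as `# username rule applies only when the request also sets username` would make the gap explicit. The commit message presents the evaluation as an option, but the call runs for every credential update that carries a password, including where the BMC enforces its own policy, so a switch or a note on how it is meant to be turned off would match the stated intent. The enclosing method starts and ends outside the hunk.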