From e73b7c5f6b7d57abf6b91c1d53022ce0c44ab7c2 Mon Sep 17 00:00:00 2001
From: Apex Liu <apex.liu@qq.com>
Date: Sat, 18 Nov 2017 01:20:27 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E6=88=90=E5=BC=B1=E5=AF=86=E7=A0=81?=
 =?UTF-8?q?=E7=9A=84=E6=9C=8D=E5=8A=A1=E7=AB=AF=E6=A3=80=E6=B5=8B=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../teleport/static/js/audit/replay-ssh.js    |  4 ++--
 server/www/teleport/static/js/tp-utils.js     |  5 +---
 .../teleport/static/js/user/reset-password.js |  3 ++-
 server/www/teleport/webroot/app/base/utils.py | 23 ++++++++++++++++++-
 .../teleport/webroot/app/controller/user.py   |  6 +++++
 5 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/server/www/teleport/static/js/audit/replay-ssh.js b/server/www/teleport/static/js/audit/replay-ssh.js
index d4a6f81..88f97cc 100644
--- a/server/www/teleport/static/js/audit/replay-ssh.js
+++ b/server/www/teleport/static/js/audit/replay-ssh.js
@@ -76,7 +76,7 @@ $app.on_init = function (cb_stack) {
         function (ret) {
             if (ret.code === TPE_OK) {
                 g_header = ret.data;
-                console.log('header', g_header);
+                // console.log('header', g_header);
 
                 $('#recorder-info').html(tp_format_datetime(g_header.start) + ': ' + g_header.user_name + '@' + g_header.client_ip + ' 访问 ' + g_header.account + '@' + g_header.conn_ip + ':' + g_header.conn_port);
 
@@ -161,7 +161,7 @@ $app.on_init = function (cb_stack) {
         pause();
     });
     $app.dom.progress.mouseup(function () {
-        console.log(g_current_time);
+        // console.log(g_current_time);
         setTimeout(function () {
             init();
         }, 100);
diff --git a/server/www/teleport/static/js/tp-utils.js b/server/www/teleport/static/js/tp-utils.js
index 5e95b12..94304f1 100644
--- a/server/www/teleport/static/js/tp-utils.js
+++ b/server/www/teleport/static/js/tp-utils.js
@@ -304,8 +304,5 @@ function tp_check_strong_password(p) {
             s |= 8;
     }
 
-    if((s&1) && (s&2) && (s&4))
-        return true;
-    else
-        return false;
+    return !!((s & 1) && (s & 2) && (s & 4));
 }
diff --git a/server/www/teleport/static/js/user/reset-password.js b/server/www/teleport/static/js/user/reset-password.js
index 79a6c7b..11b554f 100644
--- a/server/www/teleport/static/js/user/reset-password.js
+++ b/server/www/teleport/static/js/user/reset-password.js
@@ -72,6 +72,7 @@ $app.on_init = function (cb_stack) {
         if (event.which === 13) {
             $app.on_set_new_password();
         } else {
+            $app.hide_op_box();
             $('[data-toggle="popover"]').popover('hide');
         }
     });
@@ -231,7 +232,7 @@ $app.on_set_new_password = function () {
 
     if ($app.options.force_strong) {
         if (!tp_check_strong_password(str_password)) {
-            $app.show_op_box('error', '抱歉，不能使用弱密码！');
+            $app.show_op_box('error', tp_error_msg(TPE_FAILED, '抱歉，不能使用弱密码！'));
             $app.dom.set_password.input_password.attr('data-content', "请设置强密码：至少8位，必须包含大写字母、小写字母以及数字！").focus().popover('show');
             return;
         }
diff --git a/server/www/teleport/webroot/app/base/utils.py b/server/www/teleport/webroot/app/base/utils.py
index 1505df6..c7a9c1d 100644
--- a/server/www/teleport/webroot/app/base/utils.py
+++ b/server/www/teleport/webroot/app/base/utils.py
@@ -195,6 +195,28 @@ def tp_md5file(file_name):
     return m.hexdigest()
 
 
+def tp_check_strong_password(p):
+    s = 0
+    if len(p) < 8:
+        return False
+
+    for i in range(len(p)):
+        c = ord(p[i])
+        if 48 <= c <= 57:  # 数字
+            s |= 1
+        elif 65 <= c <= 90:  # 大写字母
+            s |= 2
+        elif 97 <= c <= 122:  # 小写字母
+            s |= 4
+        else:
+            s |= 8
+
+    if (s & 1) and (s & 2) and (s & 4):
+        return True
+    else:
+        return False
+
+
 class UniqueId:
     def __init__(self):
         import builtins
@@ -215,4 +237,3 @@ def tp_unique_id():
     if '__tp_unique_id__' not in builtins.__dict__:
         builtins.__dict__['__tp_unique_id__'] = UniqueId()
     return builtins.__dict__['__tp_unique_id__'].generate()
-
diff --git a/server/www/teleport/webroot/app/controller/user.py b/server/www/teleport/webroot/app/controller/user.py
index a2817ff..1da20b6 100644
--- a/server/www/teleport/webroot/app/controller/user.py
+++ b/server/www/teleport/webroot/app/controller/user.py
@@ -12,6 +12,7 @@ from app.base import mail
 from app.model import user
 from app.model import group
 from app.logic.auth.password import tp_password_generate_secret
+from app.base.utils import tp_check_strong_password
 import tornado.gen
 from app.base.logger import *
 from app.base.controller import TPBaseHandler, TPBaseJsonHandler
@@ -537,6 +538,11 @@ class DoResetPasswordHandler(TPBaseJsonHandler):
             except:
                 return self.write_json(TPE_PARAM)
 
+            # 根据需要进行弱密码检测
+            if get_cfg().sys.password.force_strong:
+                if not tp_check_strong_password(password):
+                    return self.write_json(TPE_FAILED, '抱歉，不能使用弱密码！')
+
             err, user_id = user.check_reset_token(token)
             if err != TPE_OK:
                 return self.write_json(err)