diff --git a/changelog.txt b/changelog.txt
index 8b72e45..b20a0fb 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,6 +1,7 @@
 Version 0.3.0 (2018-)
 - Allow passing settings via environment variables (Issue #100) @danielperna84
 - Added basic git stash functionality (Issue #16) @danielperna84
+- Logging warnings if used passwords are insecure (Issue #100) @danielperna84
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84
diff --git a/configurator.py b/configurator.py
index b90adf2..c6e400f 100755
--- a/configurator.py
+++ b/configurator.py
@@ -3432,6 +3432,10 @@ def load_settings(settingsfile):
 SESAME = settings.get("SESAME", SESAME)
 VERIFY_HOSTNAME = settings.get("VERIFY_HOSTNAME", VERIFY_HOSTNAME)
+ if HASS_API_PASSWORD:
+ password_problems(HASS_API_PASSWORD, "HASS_API_PASSWORD")
+ if CREDENTIALS:
+ password_problems(":".join(CREDENTIALS.split(":")[1:]), "CREDENTIALS")
 def is_safe_path(basedir, path, follow_symlinks=True):
 if basedir is None:
@@ -3516,6 +3520,27 @@ def get_html():
 LOG.warning("Delivering embedded HTML")
 return INDEX
+def password_problems(password, name="UNKNOWN"):
+ problems = 0
+ if password is None:
+ return problems
+ if len(password) < 8:
+ LOG.warning("Password %s is too short" % name)
+ problems += 1
+ if password.isalpha():
+ LOG.warning("Password %s does not contain digits" % name)
+ problems += 1
+ if password.isdigit():
+ LOG.warning("Password %s does not contain alphabetic characters" % name)
+ problems += 1
+ quota = len(set(password)) / len(password)
+ exp = len(password) ** len(set(password))
+ score = exp / quota / 8
+ if score < 65536:
+ LOG.warning("Password %s does not contain enough unique characters (%i)" % (name, len(set(password))))
+ problems += 1
+ return problems
+
 def check_access(clientip):
 global BANNED_IPS
 if clientip in BANNED_IPS:
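Review bot: `password_problems` divides by zero on an empty password: the `if password is None` guard lets `""` through, and `quota = len(set(password)) / len(password)` then raises ZeroDivisionError, which the new call in `load_settings` (first configurator.py hunk) triggers whenever CREDENTIALS is set but contains no colon, because `":".join(CREDENTIALS.split(":")[1:])` is empty in that case. Since the `len(password) < 8` check has already warned and counted the problem by then, returning right after it is enough: insert `if not password:` / `return problems` before the `quota` line. The score formula `len(password) ** len(set(password))` also grows without bound, so a very long password with many distinct characters may make the int-to-float conversion in `exp / quota` raise OverflowError; comparing logarithms (via the stdlib `math` module, importing it if it is not already) would keep the test bounded. The warnings would also read better with logging's lazy arguments, e.g. `LOG.warning("Password %s is too short", name)`. The `load_settings` body patched by the first hunk begins outside that hunk.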