Make error messages more explicit

2019-05-21 10:21:27 +01:00 · 2019-05-21 10:21:27 +01:00 · 42cea6b437
parent d9105b5ed8
commit 42cea6b437
2 changed files with 31 additions and 8 deletions
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@ -361,10 +361,14 @@ class PasswordRefusedError(SynapseError):
    """A password has been refused, either during password reset/change or registration.
    """

-    def __init__(self, errcode=Codes.WEAK_PASSWORD):
+    def __init__(
+        self,
+        msg="This password doesn't comply with the server's policy",
+        errcode=Codes.WEAK_PASSWORD,
+    ):
        super(PasswordRefusedError, self).__init__(
            code=400,
-            msg="This password doesn't comply with the server's policy",
+            msg=msg,
            errcode=errcode,
        )

--- a/synapse/handlers/password_policy.py
+++ b/synapse/handlers/password_policy.py
@ -46,29 +46,48 @@ class PasswordPolicyHandler(object):
        if not self.enabled:
            return

-        if len(password) < self.policy.get("minimum_length", 0):
-            raise PasswordRefusedError(Codes.PASSWORD_TOO_SHORT)
+        minimum_accepted_length = self.policy.get("minimum_length", 0)
+        if len(password) < minimum_accepted_length:
+            raise PasswordRefusedError(
+                msg=(
+                    "The password must be at least %d characters long"
+                    % minimum_accepted_length
+                ),
+                errcode=Codes.PASSWORD_TOO_SHORT,
+            )

        if (
            self.policy.get("require_digit", False) and
            self.regexp_digit.search(password) is None
        ):
-            raise PasswordRefusedError(Codes.PASSWORD_NO_DIGIT)
+            raise PasswordRefusedError(
+                msg="The password must include at least one digit",
+                errcode=Codes.PASSWORD_NO_DIGIT,
+            )

        if (
            self.policy.get("require_symbol", False) and
            self.regexp_symbol.search(password) is None
        ):
-            raise PasswordRefusedError(Codes.PASSWORD_NO_SYMBOL)
+            raise PasswordRefusedError(
+                msg="The password must include at least one symbol",
+                errcode=Codes.PASSWORD_NO_SYMBOL,
+            )

        if (
            self.policy.get("require_uppercase", False) and
            self.regexp_uppercase.search(password) is None
        ):
-            raise PasswordRefusedError(Codes.PASSWORD_NO_UPPERCASE)
+            raise PasswordRefusedError(
+                msg="The password must include at least one uppercase letter",
+                errcode=Codes.PASSWORD_NO_UPPERCASE,
+            )

        if (
            self.policy.get("require_lowercase", False) and
            self.regexp_lowercase.search(password) is None
        ):
-            raise PasswordRefusedError(Codes.PASSWORD_NO_LOWERCASE)
+            raise PasswordRefusedError(
+                msg="The password must include at least one lowercase letter",
+                errcode=Codes.PASSWORD_NO_LOWERCASE,
+            )