From 7939fbf69c02847d3393b423ced9b0e5c16a4cbf Mon Sep 17 00:00:00 2001
From: Martin Mares <mj@ucw.cz>
Date: Thu, 15 Jul 2021 12:00:31 +0200
Subject: [PATCH] =?UTF-8?q?Spole=C4=8Dn=C3=A1=20funkce=20na=20kontrolu=20p?=
 =?UTF-8?q?=C5=99=C3=ADpustnosti=20hesla?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mo/users.py    | 7 +++++++
 mo/web/auth.py | 6 +++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/mo/users.py b/mo/users.py
index 6fef5ec9..e87c5de6 100644
--- a/mo/users.py
+++ b/mo/users.py
@@ -165,6 +165,13 @@ def user_by_uid(uid: int) -> db.User:
     return db.get_session().query(db.User).get(uid)
 
 
+password_help = 'Heslo musí mít alespoň 8 znaků. Doporučujeme kombinovat velká a malá písmena a číslice.'
+
+
+def validate_password(passwd: str) -> bool:
+    return len(passwd) >= 8
+
+
 def set_password(user: db.User, passwd: str):
     salt = bcrypt.gensalt()
     hashed = bcrypt.hashpw(passwd.encode('utf-8'), salt)
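Review bot: `validate_password` enforces only a lower bound counted in characters, while `set_password` just below hashes `passwd.encode('utf-8')` with bcrypt, which uses at most 72 bytes of input. Depending on the bcrypt library version, a longer password is either silently truncated or rejected with an exception, so the shared check should also bound the encoded length, e.g. `return len(passwd) >= 8 and len(passwd.encode('utf-8')) <= 72`, with `password_help` extended to mention the limit. A one-line docstring saying that this is the single policy check for every password-setting path would also help. `set_password` continues past the end of the hunk, so whether it calls the check itself is not visible here.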
diff --git a/mo/web/auth.py b/mo/web/auth.py
index 1185c38e..f5634d1f 100644
--- a/mo/web/auth.py
+++ b/mo/web/auth.py
@@ -127,7 +127,7 @@ def handle_need_login(e):
 class ResetForm(FlaskForm):
     email = EmailField('E-mail', description='Účet pro který se nastavuje nové heslo', render_kw={"disabled": "disabled"})
     token = wtforms.HiddenField()
-    passwd = wtforms.PasswordField('Nové heslo', description='Heslo musí mít alespoň 8 znaků. Doporučujeme kombinovat velká a malá písmena a číslice.')
+    passwd = wtforms.PasswordField('Nové heslo', description=mo.users.password_help)
     submit = wtforms.SubmitField('Nastavit heslo')
     cancel = wtforms.SubmitField('Zrušit obnovu hesla')
 
@@ -155,8 +155,8 @@ def reset():
         db.get_session().commit()
         flash('Obnova hesla zrušena', 'warning')
         return redirect(url_for('login'))
-    elif len(form.passwd.data) < 8:
-        flash('Heslo musí být aspoň 8 znaků dlouhé', 'danger')
+    elif not mo.users.validate_password(form.passwd.data):
+        flash(mo.users.password_help, 'danger')
         return render_template('reset.html', form=form)
     else:
         mo.users.do_reset_password(user)
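Review bot: `form.passwd.data` is passed straight to `validate_password`, which calls `len()` on it, so a request that omits the `passwd` field could raise `TypeError` instead of reaching the flash message. That only happens if WTForms leaves the field's data as `None`, which depends on the WTForms version and on any validation done earlier in `reset()`, which starts outside the hunk. Writing the condition as `elif not mo.users.validate_password(form.passwd.data or ''):` keeps that case on the normal error path. The removed inline `len()` check had the same exposure, so this is not a regression.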
-- 
GitLab