Source code for camcops_server.cc_modules.cc_password
"""
camcops_server/cc_modules/cc_password.py
===============================================================================
Copyright (C) 2012, University of Cambridge, Department of Psychiatry.
Created by Rudolf Cardinal (rnc1001@cam.ac.uk).
This file is part of CamCOPS.
CamCOPS is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
CamCOPS is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with CamCOPS. If not, see <https://www.gnu.org/licenses/>.
===============================================================================
**Password-related functions.**
"""
from camcops_server.cc_modules.cc_baseconstants import (
PROHIBITED_PASSWORDS_FILE,
)
[docs]def password_prohibited(password: str) -> bool:
"""
Checks a (cleartext) password and decides if it is prohibited by virtue
of being in the UK National Cyber Security Centre (NCSC) list of common,
hacked passwords
(https://www.ncsc.gov.uk/blog-post/passwords-passwords-everywhere) --
ultimately from https://haveibeenpwned.com/.
Speed is not critical; we don't cache the file, for example.
"""
with open(PROHIBITED_PASSWORDS_FILE) as f:
for line in f:
# It doesn't matter if we check against the comment lines.
if password == line.rstrip(): # remove trailing newline etc.
return True
return False