new password requirements

Author: cmyui

app/api/public/users.py

@@ -27,6 +27,7 @@ def map_error_code_to_http_status_code(error_code: ErrorCode) -> int:
 
 
 _error_code_to_http_status_code_map: dict[ErrorCode, int] = {
+    ErrorCode.BAD_REQUEST: 400,
     ErrorCode.INCORRECT_CREDENTIALS: 401,
     ErrorCode.INSUFFICIENT_PRIVILEGES: 401,
     ErrorCode.PENDING_VERIFICATION: 401,

app/errors.py

@@ -7,6 +7,7 @@ class ErrorCode(StrEnum):
     INCORRECT_CREDENTIALS = "INCORRECT_CREDENTIALS"
     INSUFFICIENT_PRIVILEGES = "INSUFFICIENT_PRIVILEGES"
     PENDING_VERIFICATION = "PENDING_VERIFICATION"
+    BAD_REQUEST = "BAD_REQUEST"
     NOT_FOUND = "NOT_FOUND"
     CONFLICT = "CONFLICT"
 

app/security.py

@@ -41,3 +41,22 @@ def hash_secure_token(unhashed_secure_token: str) -> str:
         unhashed_secure_token.encode(),
         usedforsecurity=False,
     ).hexdigest()
+
+
+def validate_password_meets_requirements(password: str, /) -> bool:
+    """
+    Validates that the password meets the security requirements.
+    - Must be at least 8 characters long
+    - Must contain at least one digit
+    - Must contain at least one uppercase letter
+    - Must contain at least one lowercase letter
+    """
+    if len(password) < 8:
+        return False
+    if not any(char.isdigit() for char in password):
+        return False
+    if not any(char.isupper() for char in password):
+        return False
+    if not any(char.islower() for char in password):
+        return False
+    return True

app/usecases/authentication.py

@@ -208,6 +208,12 @@ async def verify_password_reset(
             user_feedback="User not found.",
         )
 
+    if not security.validate_password_meets_requirements(new_password):
+        return Error(
+            error_code=ErrorCode.BAD_REQUEST,
+            user_feedback="Password does not meet security requirements.",
+        )
+
     new_hashed_password = security.hash_osu_password(new_password)
     await users.update_password(
         user_id=user.id,

app/usecases/users.py

@@ -159,6 +159,12 @@ async def update_password(
             user_feedback="User not found.",
         )
 
+    if not security.validate_password_meets_requirements(new_password):
+        return Error(
+            error_code=ErrorCode.BAD_REQUEST,
+            user_feedback="Password does not meet security requirements.",
+        )
+
     if not security.check_osu_password(
         untrusted_password=current_password,
         hashed_password=user.hashed_password,