curo/Business-Management
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a5baef73d934d29c5cdde9beb4f86bf160288b53
Business-Management/backend/app/schemas/user.py
T
curo1305 61cef2eacd Add test user seed, password validation, and pre-commit security hook 
- backend/scripts/seed.py: creates test@example.com on dev startup
- backend/scripts/start_dev.sh: runs migrations + seed + uvicorn --reload
- backend/app/schemas/user.py: password validator (length, case, digit, special char, forbidden words)
- scripts/security_check.py: Docker-based scanner for secrets, dangerous patterns, weak crypto, bandit
- .githooks/pre-commit: runs security_check.py in python:3.12-slim on every commit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-12 15:54:23 +02:00

66 lines
2.0 KiB
Python
Raw Blame History

import re
from pydantic import BaseModel, EmailStr, field_validator
# Common words that must not appear as whole words inside a password.
# Checked case-insensitively with word boundaries.
_FORBIDDEN_WORDS = {
"password", "passwort", "secret", "welcome", "admin", "administrator",
"login", "user", "test", "guest", "master", "dragon", "monkey", "shadow",
"sunshine", "princess", "letmein", "football", "baseball", "soccer",
"hockey", "abc", "qwerty", "keyboard", "computer", "internet", "access",
"hello", "summer", "winter", "spring", "autumn", "flower", "mustang",
"batman", "superman", "donald", "michael", "jessica", "charlie",
}
def _validate_password(v: str) -> str:
errors = []
if len(v) < 8:
errors.append("at least 8 characters")
if not re.search(r"[A-Z]", v):
errors.append("at least one uppercase letter")
if not re.search(r"[a-z]", v):
errors.append("at least one lowercase letter")
if not re.search(r"\d", v):
errors.append("at least one digit")
if not re.search(r'[!@#$%^&*()\-_=+\[\]{};:\'",.<>?/\\|`~]', v):
errors.append("at least one special character")
lower = v.lower()
for word in _FORBIDDEN_WORDS:
# Match the word as a standalone token (surrounded by non-alpha or string boundary)
if re.search(rf"(?<![a-z]){re.escape(word)}(?![a-z])", lower):
errors.append(f'must not contain the word "{word}"')
break
if errors:
raise ValueError("; ".join(errors))
return v
class UserCreate(BaseModel):
email: EmailStr
password: str
full_name: str | None = None
@field_validator("password")
@classmethod
def password_strength(cls, v: str) -> str:
return _validate_password(v)
class UserOut(BaseModel):
id: str
email: str
full_name: str | None
is_active: bool
model_config = {"from_attributes": True}
class Token(BaseModel):
access_token: str
token_type: str = "bearer"
Reference in New Issue View Git Blame Copy Permalink