hostname/password length requirements

* fix webui regexp and input length limits * explain requirements in webui and headers
5 years ago · e326fbe09f
--- a/code/espurna/config/defaults.h
+++ b/code/espurna/config/defaults.h
@ -556,9 +556,13 @@
 // General
 // -----------------------------------------------------------------------------

 // Default hostname will be ESPURNA-XXXXXX, where XXXXXX is last 3 octets of chipID
 // Device name (DNS, SoftAP SSID, ALEXA etc.)
 // If empty, default will be ESPURNA-XXXXXX, where XXXXXX is last 3 octets of chipID
 // When set, must be 1..31 characters. See:
 // https://github.com/xoseperez/espurna/issues/921
 // https://github.com/xoseperez/espurna/issues/1151
 #ifndef HOSTNAME
 #define HOSTNAME ""
 #define HOSTNAME                ""
 #endif

 // Relay providers
--- a/code/espurna/config/general.h
+++ b/code/espurna/config/general.h
@ -9,8 +9,11 @@

 #define DEVICE_NAME             MANUFACTURER "_" DEVICE     // Concatenate both to get a unique device name

 // When defined, ADMIN_PASS must be 8..63 printable ASCII characters. See:
 // https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Target_users_(authentication_key_distribution)
 // https://github.com/xoseperez/espurna/issues/1151
 #ifndef ADMIN_PASS
 #define ADMIN_PASS              "fibonacci"     // Default password (WEB, OTA, WIFI)
 #define ADMIN_PASS              "fibonacci"     // Default password (WEB, OTA, WIFI SoftAP)
 #endif

 #ifndef USE_PASSWORD
--- a/code/html/custom.js
+++ b/code/html/custom.js
@ -150,13 +150,17 @@ function validateForm(form) {

    // http://www.the-art-of-web.com/javascript/validate-password/
    // at least one lowercase and one uppercase letter or number
    // at least five characters (letters, numbers or special characters)
    var re_password = /^(?=.*[A-Z\d])(?=.*[a-z])[\w~!@#$%^&*\(\)<>,.\?;:{}\[\]\\|]{5,}$/;
    // at least eight characters (letters, numbers or special characters)

    // MUST be 8..63 printable ASCII characters. See:
    // https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Target_users_(authentication_key_distribution)
    // https://github.com/xoseperez/espurna/issues/1151
    var re_password = /^(?=.*[A-Z\d])(?=.*[a-z])[\w~!@#$%^&*\(\)<>,.\?;:{}\[\]\\|]{8,63}$/;

    // password
    var adminPass1 = $("input[name='adminPass']", form).first().val();
    if (adminPass1.length > 0 && !re_password.test(adminPass1)) {
        alert("The password you have entered is not valid, it must have at least 5 characters, 1 lowercase and 1 uppercase or number!");
        alert("The password you have entered is not valid, it must be 8..63 characters and have at least 1 lowercase and 1 uppercase / number!");
        return false;
    }

@ -173,9 +177,9 @@ function validateForm(form) {
    // No other symbols, punctuation characters, or blank spaces are permitted.

    // Negative lookbehind does not work in Javascript
    // var re_hostname = new RegExp('^(?!-)[A-Za-z0-9-]{1,32}(?<!-)$');
    // var re_hostname = new RegExp('^(?!-)[A-Za-z0-9-]{1,31}(?<!-)$');

    var re_hostname = new RegExp('^(?!-)[A-Za-z0-9-]{0,31}[A-Za-z0-9]$');
    var re_hostname = new RegExp('^(?!-)[A-Za-z0-9-]{0,30}[A-Za-z0-9]$');

    var hostname = $("input[name='hostname']", form);
    var hasChanged = hostname.attr("hasChanged") || 0;
--- a/code/html/index.html
+++ b/code/html/index.html
@ -43,11 +43,11 @@

                                <div class="pure-g">
                                    <label class="pure-u-1 pure-u-lg-1-4">Admin password</label>
                                    <input name="adminPass" class="pure-u-1 pure-u-lg-3-4" type="password" tabindex="1" autocomplete="false" />
                                    <input name="adminPass" class="pure-u-1 pure-u-lg-3-4" maxlength="63" type="password" tabindex="1" autocomplete="false" />
                                    <div class="pure-u-0 pure-u-lg-1-4"></div>
                                    <div class="pure-u-1 pure-u-lg-3-4 hint">
                                        The administrator password is used to access this web interface (user 'admin'), but also to connect to the device when in AP mode or to flash a new firmware over-the-air (OTA).<br />
                                        It must have at least <strong>five characters</strong> (numbers and letters and any of these special characters: _,.;:~!?@#$%^&amp;*&lt;&gt;\|(){}[]) and at least <strong>one lowercase</strong> and <strong>one uppercase</strong> or <strong>one number</strong>.</div>
                                        It must be <strong>8..63 characters</strong> (numbers and letters and any of these special characters: _,.;:~!?@#$%^&amp;*&lt;&gt;\|(){}[]) and have at least <strong>one lowercase</strong> and <strong>one uppercase</strong> or <strong>one number</strong>.</div>
                                </div>

                                <div class="pure-g">
@ -323,7 +323,7 @@

                                <div class="pure-g">
                                    <label class="pure-u-1 pure-u-lg-1-4">Hostname</label>
                                    <input name="hostname" class="pure-u-1 pure-u-lg-1-4"  maxlength="32" type="text" action="reboot" tabindex="1" />
                                    <input name="hostname" class="pure-u-1 pure-u-lg-1-4"  maxlength="31" type="text" action="reboot" tabindex="1" />
                                    <div class="pure-u-0 pure-u-lg-1-2"></div>
                                    <div class="pure-u-0 pure-u-lg-1-4"></div>
                                    <div class="pure-u-1 pure-u-lg-3-4 hint">
@ -522,16 +522,16 @@

                                <div class="pure-g">
                                    <label class="pure-u-1 pure-u-lg-1-4">Admin password</label>
                                    <input name="adminPass" class="pure-u-1 pure-u-lg-3-4" type="password" action="reboot" tabindex="11" autocomplete="false" />
                                    <input name="adminPass" class="pure-u-1 pure-u-lg-3-4" maxlength="63" type="password" action="reboot" tabindex="11" autocomplete="false" />
                                    <div class="pure-u-0 pure-u-lg-1-4"></div>
                                    <div class="pure-u-1 pure-u-lg-3-4 hint">
                                        The administrator password is used to access this web interface (user 'admin'), but also to connect to the device when in AP mode or to flash a new firmware over-the-air (OTA).<br />
                                        It must have at least <strong>five characters</strong> (numbers and letters and any of these special characters: _,.;:~!?@#$%^&amp;*&lt;&gt;\|(){}[]) and at least <strong>one lowercase</strong> and <strong>one uppercase</strong> or <strong>one number</strong>.</div>
                                        It must be <strong>8..63 characters</strong> (numbers and letters and any of these special characters: _,.;:~!?@#$%^&amp;*&lt;&gt;\|(){}[]) and have at least <strong>one lowercase</strong> and <strong>one uppercase</strong> or <strong>one number</strong>.</div>
                                </div>

                                <div class="pure-g">
                                    <label class="pure-u-1 pure-u-lg-1-4">Repeat password</label>
                                    <input name="adminPass" class="pure-u-1 pure-u-lg-3-4" type="password" action="reboot" tabindex="12" autocomplete="false" />
                                    <input name="adminPass" class="pure-u-1 pure-u-lg-3-4" maxlength="63" type="password" action="reboot" tabindex="12" autocomplete="false" />
                                </div>

                                <div class="pure-g">