checkAuthenticationBasicSecurity method
Implementation
Future<bool> checkAuthenticationBasicSecurity() async {
var usernames =
weakUsernames.expand((e) => [e, e.toLowerCase(), e.toUpperCase()]);
var passwords =
weakPasswords.expand((e) => [e, e.toLowerCase(), e.toUpperCase()]);
var all = <String>{...usernames, ...passwords};
var weak = false;
USERNAMES_LOOP:
for (var user in all) {
for (var pass in all) {
var grant = await _authenticationGrantor(user, pass);
if (grant) {
weak = true;
break USERNAMES_LOOP;
}
}
}
if (weak) {
_log.warning(
'AUTHENTICATOR GRANTOR ACCEPTING WEAK CREDENTIALS!!! DO NOT DEPLOY THIS IN PRODUCTION OR PUBLIC NETWORKS!!!');
}
return !weak;
}