checkAuthenticationBasicSecurity method

Future<bool> checkAuthenticationBasicSecurity()

Implementation

/// Checks whether the configured authentication grantor accepts any
/// credential pair built from [weakUsernames] and [weakPasswords].
///
/// Every entry of both lists is taken as written, lower-cased and upper-cased,
/// and the merged, de-duplicated set is tried as username *and* as password,
/// so a value paired with itself is covered too. The grantor is awaited once
/// per pair until the first acceptance, which means up to `n * n` calls for
/// `n` distinct candidates.
///
/// Returns `false` (after logging a warning) as soon as one pair is accepted,
/// and `true` when none is. A `true` result only says that none of the listed
/// candidates were accepted; it says nothing about credentials outside the
/// lists. The method only logs and returns, so the caller has to act on a
/// `false` result.
Future<bool> checkAuthenticationBasicSecurity() async {
  // Usernames and passwords share one candidate pool; a set keeps insertion
  // order and drops the duplicates produced by the case variants.
  final candidates = <String>{
    for (final name in weakUsernames)
      ...[name, name.toLowerCase(), name.toUpperCase()],
    for (final secret in weakPasswords)
      ...[secret, secret.toLowerCase(), secret.toUpperCase()],
  };

  for (final username in candidates) {
    for (final password in candidates) {
      final accepted = await _authenticationGrantor(username, password);
      if (!accepted) continue;

      // One accepted pair is enough to fail the check. The message does not
      // include the accepted pair.
      _log.warning(
          'AUTHENTICATOR GRANTOR ACCEPTING WEAK CREDENTIALS!!! DO NOT DEPLOY THIS IN PRODUCTION OR PUBLIC NETWORKS!!!');
      return false;
    }
  }

  // No candidate pair was granted.
  return true;
}