From 363e97cebf9da3c382e32c2440149182a24291f2 Mon Sep 17 00:00:00 2001 From: Samar Sunkaria Date: Wed, 22 Jun 2022 23:10:08 +0200 Subject: [PATCH 1/2] [Proposal] Add schemas and validate all the quirks JSON files. (#618) * Add schemas for all the quirks json files. * Add a script to validate quirks against their schemas * fixup: Add a script to validate quirks against their schemas --- .github/workflows/lint.yml | 14 +++++- CONTRIBUTING.md | 2 +- .../schemas/change-password-URLs-schema.json | 7 +++ quirks/schemas/password-rules-schema.json | 16 ++++++ .../shared-credentials-historical-schema.json | 49 +++++++++++++++++++ quirks/schemas/shared-credentials-schema.json | 49 +++++++++++++++++++ ...es-that-append-2fa-to-password-schema.json | 8 +++ ...ith-shared-credential-backends-schema.json | 12 +++++ tools/validate-json-schemas.sh | 17 +++++++ 9 files changed, 171 insertions(+), 3 deletions(-) create mode 100644 quirks/schemas/change-password-URLs-schema.json create mode 100644 quirks/schemas/password-rules-schema.json create mode 100644 quirks/schemas/shared-credentials-historical-schema.json create mode 100644 quirks/schemas/shared-credentials-schema.json create mode 100644 quirks/schemas/websites-that-append-2fa-to-password-schema.json create mode 100644 quirks/schemas/websites-with-shared-credential-backends-schema.json create mode 100755 tools/validate-json-schemas.sh diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 416d9eb5f..8fe12b50d 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -9,7 +9,7 @@ jobs: - uses: actions/checkout@v2 - name: Lint Valid Json run: | - find quirks/ -name '*.json' -print0 | while IFS= read -r -d '' filename; do + find quirks/ -name '*.json' -print0 -maxdepth 1 | while IFS= read -r -d '' filename; do echo "Validating $(basename "$filename")" python -mjson.tool "$filename" > /dev/null done @@ -39,4 +39,14 @@ jobs: - name: Lint Sort Order run: ruby .github/workflows/lint-scripts/websites-shared-credentials-sort-order.rb - name: Lint Duplicates - run: ruby .github/workflows/lint-scripts/websites-shared-credentials-duplicates.rb \ No newline at end of file + run: ruby .github/workflows/lint-scripts/websites-shared-credentials-duplicates.rb + + validate-schemas: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-node@v3 + - name: Install ajv-cli + run: npm install -g ajv-cli + - name: Validate JSONs against their schemas + run: ./tools/validate-json-schemas.sh diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 99904139d..4cf4fe761 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -8,7 +8,7 @@ Before contributing, please review the [Code of Conduct](CODE_OF_CONDUCT.md). Contributing is easy! You can contribute either by raising compatibility issues with a website, researching and documenting what the right data for a quirk might be, and/or submitting a pull request to add a quirk. You can raise an issue at the repository's [issues page](https://github.com/apple/password-manager-resources/issues). If you've done some investigation into a service's behavior, you can document it on an existing issue for that problem. If you'd like to submit a pull request, there are some additional special considerations for each type of quirk, detailed below. -When adding a data item to a top-level JSON object, please keep keys alphabetized. This assists with scanning the lists and with merging them. +When adding a data item to a top-level JSON object, please keep keys alphabetized. This assists with scanning the lists and with merging them. You may run the [`tools/validate-json-schemas.sh`](tools/validate-json-schemas.sh) script to validate the JSON files before making a commit. One more point to consider is to keep your pull requests small and limited in scope to a specific change. (For example, it's best to submit a "Password Rule" for a single website or group of related websites in one pull request and not conflate unrelated changes that can prevent other from being merged.) diff --git a/quirks/schemas/change-password-URLs-schema.json b/quirks/schemas/change-password-URLs-schema.json new file mode 100644 index 000000000..6ba464088 --- /dev/null +++ b/quirks/schemas/change-password-URLs-schema.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "type": "object", + "additionalProperties": { + "type": "string" + } +} diff --git a/quirks/schemas/password-rules-schema.json b/quirks/schemas/password-rules-schema.json new file mode 100644 index 000000000..192e514a5 --- /dev/null +++ b/quirks/schemas/password-rules-schema.json @@ -0,0 +1,16 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "type": "object", + "additionalProperties": { + "type": "object", + "properties": { + "password-rules": { + "type": "string" + } + }, + "additionalProperties": false, + "required": [ + "password-rules" + ] + } +} diff --git a/quirks/schemas/shared-credentials-historical-schema.json b/quirks/schemas/shared-credentials-historical-schema.json new file mode 100644 index 000000000..06635f73c --- /dev/null +++ b/quirks/schemas/shared-credentials-historical-schema.json @@ -0,0 +1,49 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "definitions": { + "domain-list": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "minItems": 1 + } + }, + "type": "array", + "items": { + "oneOf": [ + { + "type": "object", + "properties": { + "shared": { + "$ref": "#/definitions/domain-list" + } + }, + "additionalProperties": false, + "required": [ + "shared" + ] + }, + { + "type": "object", + "properties": { + "from": { + "$ref": "#/definitions/domain-list" + }, + "to": { + "$ref": "#/definitions/domain-list" + }, + "fromDomainsAreObsoleted": { + "type": "boolean" + } + }, + "additionalProperties": false, + "required": [ + "from", + "to" + ] + } + ] + } +} diff --git a/quirks/schemas/shared-credentials-schema.json b/quirks/schemas/shared-credentials-schema.json new file mode 100644 index 000000000..06635f73c --- /dev/null +++ b/quirks/schemas/shared-credentials-schema.json @@ -0,0 +1,49 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "definitions": { + "domain-list": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "minItems": 1 + } + }, + "type": "array", + "items": { + "oneOf": [ + { + "type": "object", + "properties": { + "shared": { + "$ref": "#/definitions/domain-list" + } + }, + "additionalProperties": false, + "required": [ + "shared" + ] + }, + { + "type": "object", + "properties": { + "from": { + "$ref": "#/definitions/domain-list" + }, + "to": { + "$ref": "#/definitions/domain-list" + }, + "fromDomainsAreObsoleted": { + "type": "boolean" + } + }, + "additionalProperties": false, + "required": [ + "from", + "to" + ] + } + ] + } +} diff --git a/quirks/schemas/websites-that-append-2fa-to-password-schema.json b/quirks/schemas/websites-that-append-2fa-to-password-schema.json new file mode 100644 index 000000000..a1d43336d --- /dev/null +++ b/quirks/schemas/websites-that-append-2fa-to-password-schema.json @@ -0,0 +1,8 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } +} diff --git a/quirks/schemas/websites-with-shared-credential-backends-schema.json b/quirks/schemas/websites-with-shared-credential-backends-schema.json new file mode 100644 index 000000000..bc2172f8a --- /dev/null +++ b/quirks/schemas/websites-with-shared-credential-backends-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "type": "array", + "items": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "minItems": 1 + } +} diff --git a/tools/validate-json-schemas.sh b/tools/validate-json-schemas.sh new file mode 100755 index 000000000..dc8c5f959 --- /dev/null +++ b/tools/validate-json-schemas.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -e + +if ! command -v ajv &> /dev/null +then + echo "The 'ajv' command is required for validating JSON schemas. +Please follow the readme at https://github.com/ajv-validator/ajv-cli to install the 'ajv-cli' package." + exit 1 +fi + +# Finds all JSON files in the quirks directory and validates them against the corresponding schema. +find quirks -name '*.json' -print0 -maxdepth 1 | while IFS= read -r -d '' filename; do + schema="quirks/schemas/$(basename "$filename" .json)-schema.json" + echo "Validating $filename against $schema" + ajv -s "$schema" -d "$filename" --spec=draft2020 +done From 9dff1e585e743c46170b21482f73990d0c5f502d Mon Sep 17 00:00:00 2001 From: "Michael Abon (Mike Kenyon)" Date: Mon, 27 Jun 2022 09:26:12 -0500 Subject: [PATCH 2/2] Add plazapremiumlounge.com password-rules.json (#619) Creating an account at plazapremiumlounge.com has very specific rules about which special characters are allowed. None of them are required. --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 61bfffd26..23e7d6b71 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -536,6 +536,9 @@ "planetary.org": { "password-rules": "minlength: 5; maxlength: 20; required: lower; required: upper; required: digit; allowed: ascii-printable;" }, + "plazapremiumlounge.com": { + "password-rules": "minlength: 8; maxlength: 15; required: lower; required: upper; required: digit; allowed: [!#$%&*,@^];" + }, "portal.edd.ca.gov": { "password-rules": "minlength: 8; required: lower; required: upper; required: digit; required: [!#$%&()*@^];" },