implement validate_password_strength()

enginetest/queries/script_queries.go

@@ -7298,6 +7298,156 @@ where
 			},
 		},
 	},
+	{
+		Name: "validate_password_strength and validate_password.length",
+		SetUpScript: []string{
+			"set @orig = @@global.validate_password.length",
+			"set @@global.validate_password.length = 0",
+		},
+		Assertions: []ScriptTestAssertion{
+			{
+				Query: "select validate_password_strength('')",
+				Expected: []sql.Row{
+					{0},
+				},
+			},
+			{
+				Query: "select validate_password_strength('123')",
+				Expected: []sql.Row{
+					{0},
+				},
+			},
+			{
+				Query: "select validate_password_strength('1234')",
+				Expected: []sql.Row{
+					{50},
+				},
+			},
+			{
+				SkipResultsCheck: true,
+				Query:            "set @@global.validate_password.length = 1000",
+			},
+			{
+				Query: "select validate_password_strength('ABCabc123!@!#')",
+				Expected: []sql.Row{
+					{25},
+				},
+			},
+			{
+				Query:          "set @@session.validate_password.length = 123",
+				ExpectedErrStr: "Variable 'validate_password.length' is a GLOBAL variable and should be set with SET GLOBAL",
+			},
+			{
+				SkipResultsCheck: true,
+				Query:            "set @@global.validate_password.length = @orig",
+			},
+		},
+	},
+	{
+		Name: "validate_password_strength and validate_password.number_count",
+		SetUpScript: []string{
+			"set @orig = @@global.validate_password.number_count",
+			"set @@global.validate_password.number_count = 0",
+		},
+		Assertions: []ScriptTestAssertion{
+			{
+				Query: "select validate_password_strength('ABCabc!@#')",
+				Expected: []sql.Row{
+					{100},
+				},
+			},
+			{
+				SkipResultsCheck: true,
+				Query:            "set @@global.validate_password.number_count = 1000",
+			},
+			{
+				Query: "select validate_password_strength('ABCabc!!!!123456789012345678901234567890')",
+				Expected: []sql.Row{
+					{50},
+				},
+			},
+			{
+				Query:          "set @@session.validate_password.number_count = 123",
+				ExpectedErrStr: "Variable 'validate_password.number_count' is a GLOBAL variable and should be set with SET GLOBAL",
+			},
+			{
+				SkipResultsCheck: true,
+				Query:            "set @@global.validate_password.number_count = @orig",
+			},
+		},
+	},
+	{
+		Name: "validate_password_strength and validate_password.mixed_case_count",
+		SetUpScript: []string{
+			"set @orig = @@global.validate_password.mixed_case_count",
+			"set @@global.validate_password.mixed_case_count = 0",
+		},
+		Assertions: []ScriptTestAssertion{
+			{
+				Query: "select validate_password_strength('abcabc!@#123')",
+				Expected: []sql.Row{
+					{100},
+				},
+			},
+			{
+				Query: "select validate_password_strength('ABCABC!@#123')",
+				Expected: []sql.Row{
+					{100},
+				},
+			},
+			{
+				SkipResultsCheck: true,
+				Query:            "set @@global.validate_password.mixed_case_count = 1000",
+			},
+			{
+				Query: "select validate_password_strength('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456!?!?!?')",
+				Expected: []sql.Row{
+					{50},
+				},
+			},
+			{
+				Query:          "set @@session.validate_password.mixed_case_count = 123",
+				ExpectedErrStr: "Variable 'validate_password.mixed_case_count' is a GLOBAL variable and should be set with SET GLOBAL",
+			},
+			{
+				SkipResultsCheck: true,
+				Query:            "set @@global.validate_password.mixed_case_count = @orig",
+			},
+		},
+	},
+	{
+		Name: "validate_password_strength and validate_password.special_char_count",
+		SetUpScript: []string{
+			"set @orig = @@global.validate_password.special_char_count",
+			"set @@global.validate_password.special_char_count = 0",
+		},
+		Assertions: []ScriptTestAssertion{
+			{
+				Query: "select validate_password_strength('abcABC123')",
+				Expected: []sql.Row{
+					{100},
+				},
+			},
+			{
+				SkipResultsCheck: true,
+				Query:            "set @@global.validate_password.special_char_count = 1000",
+			},
+			{
+				Query: "select validate_password_strength('abcABC123!@#$%^&*()                            ')",
+				Expected: []sql.Row{
+					{50},
+				},
+			},
+			{
+				Query:          "set @@session.validate_password.special_char_count = 123",
+				ExpectedErrStr: "Variable 'validate_password.special_char_count' is a GLOBAL variable and should be set with SET GLOBAL",
+			},
+			{
+				SkipResultsCheck: true,
+				Query:            "set @@global.validate_password.special_char_count = @orig",
+			},
+		},
+	},
 }
 
 var SpatialScriptTests = []ScriptTest{

go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/dolthub/go-icu-regex v0.0.0-20240916130659-0118adc6b662
 	github.com/dolthub/jsonpath v0.0.2-0.20240227200619-19675ab05c71
 	github.com/dolthub/sqllogictest/go v0.0.0-20201107003712-816f3ae12d81
-	github.com/dolthub/vitess v0.0.0-20240916204416-9d4d4a09b1d9
+	github.com/dolthub/vitess v0.0.0-20240919212847-96ea5aac0c9a
 	github.com/go-kit/kit v0.10.0
 	github.com/go-sql-driver/mysql v1.7.2-0.20231213112541-0004702b931d
 	github.com/gocraft/dbr/v2 v2.7.2

go.sum

@@ -58,8 +58,8 @@ github.com/dolthub/jsonpath v0.0.2-0.20240227200619-19675ab05c71 h1:bMGS25NWAGTE
 github.com/dolthub/jsonpath v0.0.2-0.20240227200619-19675ab05c71/go.mod h1:2/2zjLQ/JOOSbbSboojeg+cAwcRV0fDLzIiWch/lhqI=
 github.com/dolthub/sqllogictest/go v0.0.0-20201107003712-816f3ae12d81 h1:7/v8q9XGFa6q5Ap4Z/OhNkAMBaK5YeuEzwJt+NZdhiE=
 github.com/dolthub/sqllogictest/go v0.0.0-20201107003712-816f3ae12d81/go.mod h1:siLfyv2c92W1eN/R4QqG/+RjjX5W2+gCTRjZxBjI3TY=
-github.com/dolthub/vitess v0.0.0-20240916204416-9d4d4a09b1d9 h1:2My8cED5m5/sFay7U4bvLxpECJccKj0cEKCqEA+63yU=
-github.com/dolthub/vitess v0.0.0-20240916204416-9d4d4a09b1d9/go.mod h1:uBvlRluuL+SbEWTCZ68o0xvsdYZER3CEG/35INdzfJM=
+github.com/dolthub/vitess v0.0.0-20240919212847-96ea5aac0c9a h1:mec8AiILmZC9eX0zRQpfN/XfTfsiEZESjrNbw/wbW+k=
+github.com/dolthub/vitess v0.0.0-20240919212847-96ea5aac0c9a/go.mod h1:uBvlRluuL+SbEWTCZ68o0xvsdYZER3CEG/35INdzfJM=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=

sql/expression/function/hash.go

@@ -26,6 +26,7 @@ import (
 	"fmt"
 	"hash"
 	"io"
+	"unicode"
 
 	"github.com/dolthub/go-mysql-server/sql"
 	"github.com/dolthub/go-mysql-server/sql/expression"
@@ -471,3 +472,125 @@ func (f *UncompressedLength) WithChildren(children ...sql.Expression) (sql.Expre
 	}
 	return NewUncompressedLength(children[0]), nil
 }
+
+// ValidatePasswordStrength function returns an integer to indicate how strong the password is.
+// https://dev.mysql.com/doc/refman/8.4/en/validate-password.html
+type ValidatePasswordStrength struct {
+	*UnaryFunc
+}
+
+const minPasswordLength = 4
+
+var _ sql.FunctionExpression = (*ValidatePasswordStrength)(nil)
+var _ sql.CollationCoercible = (*ValidatePasswordStrength)(nil)
+
+// NewValidatePasswordStrength returns a new ValidatePasswordStrength function expression
+func NewValidatePasswordStrength(arg sql.Expression) sql.Expression {
+	return &ValidatePasswordStrength{NewUnaryFunc(arg, "ValidatePasswordStrength", types.Uint32)}
+}
+
+// Description implements sql.FunctionExpression
+func (f *ValidatePasswordStrength) Description() string {
+	return "returns an integer to indicate how strong the password is."
+}
+
+func (f *ValidatePasswordStrength) Type() sql.Type {
+	return types.Int32
+}
+
+// CollationCoercibility implements the interface sql.CollationCoercible.
+func (*ValidatePasswordStrength) CollationCoercibility(ctx *sql.Context) (collation sql.CollationID, coercibility byte) {
+	return ctx.GetCollation(), 4
+}
+
+// Eval implements sql.Expression
+func (f *ValidatePasswordStrength) Eval(ctx *sql.Context, row sql.Row) (interface{}, error) {
+	arg, err := f.EvalChild(ctx, row)
+	if err != nil {
+		return nil, err
+	}
+	if arg == nil {
+		return nil, nil
+	}
+
+	val, _, err := types.LongText.Convert(arg)
+	if err != nil {
+		return nil, nil
+	}
+	password := val.(string)
+	strength := 0
+	if len(password) < minPasswordLength {
+		return strength, nil
+	}
+	strength += 25
+
+	// Requirements for LOW password strength
+	_, passLen, ok := sql.SystemVariables.GetGlobal("validate_password.length")
+	if !ok {
+		return nil, err
+	}
+	passLenInt, ok := types.CoalesceInt(passLen)
+	if !ok {
+		return nil, fmt.Errorf("invalid value for validate_password.length: %v", passLen)
+	}
+	if len(password) < passLenInt {
+		return strength, nil
+	}
+	strength += 25
+
+	// Requirements for MEDIUM password strength
+	_, numCount, ok := sql.SystemVariables.GetGlobal("validate_password.number_count")
+	if !ok {
+		return nil, fmt.Errorf("error: validate_password.number_count variable was not found")
+	}
+	numCountInt, ok := types.CoalesceInt(numCount)
+	if !ok {
+		return nil, fmt.Errorf("invalid value for validate_password.number_count: %v", numCount)
+	}
+	_, mixCaseCount, ok := sql.SystemVariables.GetGlobal("validate_password.mixed_case_count")
+	if !ok {
+		return nil, fmt.Errorf("error: validate_password.mixed_case_count variable was not found")
+	}
+	mixCaseCountInt, ok := types.CoalesceInt(mixCaseCount)
+	if !ok {
+		return nil, fmt.Errorf("invalid value for validate_password.mixed_case_count: %v", mixCaseCount)
+	}
+	lowerCount, upperCount := mixCaseCountInt, mixCaseCountInt
+	_, specialCharCount, ok := sql.SystemVariables.GetGlobal("validate_password.special_char_count")
+	if !ok {
+		return nil, fmt.Errorf("error: validate_password.special_char_count variable was not found")
+	}
+	specialCharCountInt, ok := types.CoalesceInt(specialCharCount)
+	if !ok {
+		return nil, fmt.Errorf("invalid value for validate_password.special_char_count: %v", specialCharCount)
+	}
+	for _, c := range password {
+		if unicode.IsNumber(c) {
+			numCountInt--
+		} else if unicode.IsUpper(c) {
+			upperCount--
+		} else if unicode.IsLower(c) {
+			lowerCount--
+		} else {
+			specialCharCountInt--
+		}
+	}
+	if numCountInt > 0 || upperCount > 0 || lowerCount > 0 || specialCharCountInt > 0 {
+		return strength, nil
+	}
+	strength += 25
+
+	// Requirements for STRONG password strength
+	// TODO: support dictionary file substring matching
+	strength += 25
+
+	return strength, nil
+}
+
+// WithChildren implements sql.Expression
+func (f *ValidatePasswordStrength) WithChildren(children ...sql.Expression) (sql.Expression, error) {
+	if len(children) != 1 {
+		return nil, sql.ErrInvalidChildrenNumber.New(f, len(children), 1)
+	}
+	return NewValidatePasswordStrength(children[0]), nil
+}

sql/expression/function/hash_test.go

@@ -437,3 +437,48 @@ func TestUncompressedLength(t *testing.T) {
 		})
 	}
 }
+
+func TestValidatePasswordStrength(t *testing.T) {
+	tests := []struct {
+		val sql.Expression
+		exp interface{}
+	}{
+		{
+			val: expression.NewLiteral(nil, types.Null),
+			exp: nil,
+		},
+		{
+			val: expression.NewLiteral(int64(1), types.Int64),
+			exp: 0,
+		},
+		{
+			val: expression.NewLiteral("1", types.Text),
+			exp: 0,
+		},
+		{
+			val: expression.NewLiteral("", types.Text),
+			exp: 0,
+		},
+		{
+			val: expression.NewLiteral("weak", types.Text),
+			exp: 25,
+		},
+		{
+			val: expression.NewLiteral("lessweak$_@123", types.Text),
+			exp: 50,
+		},
+		{
+			val: expression.NewLiteral("N0Tweak$_@123!", types.Text),
+			exp: 100,
+		},
+	}
+
+	for _, test := range tests {
+		f := NewValidatePasswordStrength(test.val)
+		t.Run(fmt.Sprintf(f.String()), func(t *testing.T) {
+			res, err := f.Eval(sql.NewEmptyContext(), nil)
+			require.NoError(t, err)
+			require.Equal(t, test.exp, res)
+		})
+	}
+}

sql/expression/function/registry.go

@@ -308,6 +308,7 @@ var BuiltIns = []sql.Function{
 	sql.FunctionN{Name: "uuid_to_bin", Fn: NewUUIDToBin},
 	sql.FunctionN{Name: "week", Fn: NewWeek},
 	sql.Function1{Name: "values", Fn: NewValues},
+	sql.Function1{Name: "validate_password_strength", Fn: NewValidatePasswordStrength},
 	sql.Function1{Name: "weekday", Fn: NewWeekday},
 	sql.Function1{Name: "weekofyear", Fn: NewWeekOfYear},
 	sql.Function1{Name: "year", Fn: NewYear},