From 1ee42c9e86c54013b80addd609cf9db3bfb79130 Mon Sep 17 00:00:00 2001
From: Nikita Kryuchkov <nkryuchkov10@gmail.com>
Date: Fri, 24 Jan 2020 13:20:32 +0400
Subject: [PATCH] Allow only ASCII characters in password

---
 pkg/hypervisor/user.go      | 5 +++++
 pkg/hypervisor/user_test.go | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/pkg/hypervisor/user.go b/pkg/hypervisor/user.go
index 8dc1e646ce..44a383f028 100644
--- a/pkg/hypervisor/user.go
+++ b/pkg/hypervisor/user.go
@@ -30,6 +30,7 @@ var (
 	ErrSimplePassword = fmt.Errorf("password must have at least one upper, lower, digit and special character")
 	ErrUserExists     = fmt.Errorf("username already exists")
 	ErrNameNotAllowed = fmt.Errorf("name not allowed")
+	ErrNonASCII       = fmt.Errorf("non-ASCII character found")
 )
 
 // nolint: gochecknoinits
@@ -262,6 +263,10 @@ func checkPasswordStrength(password string) error {
 	seen := make([]bool, len(passwordClasses))
 
 	for _, r := range password {
+		if r < '!' || r > unicode.MaxASCII {
+			return ErrNonASCII
+		}
+
 		for i, class := range passwordClasses {
 			if unicode.IsOneOf(class, r) {
 				seen[i] = true
diff --git a/pkg/hypervisor/user_test.go b/pkg/hypervisor/user_test.go
index 42e075b6ff..f2359fb119 100644
--- a/pkg/hypervisor/user_test.go
+++ b/pkg/hypervisor/user_test.go
@@ -19,6 +19,11 @@ func Test_checkPasswordFormat(t *testing.T) {
 			password: strings.Repeat("Aa1!", 4),
 			err:      nil,
 		},
+		{
+			name:     "Non ASCII",
+			password: strings.Repeat("Aå1!", 4),
+			err:      ErrNonASCII,
+		},
 		{
 			name:     "Too short",
 			password: "1",