password subsystem tweaks (#167)
parent
8c4134c8ad
commit
93707b692d
@ -25,19 +25,19 @@ type Config struct {
|
|||||||
Limits *limits.Config
|
Limits *limits.Config
|
||||||
Maintenance *MaintenanceConfig
|
Maintenance *MaintenanceConfig
|
||||||
Metrics *metrics.Config
|
Metrics *metrics.Config
|
||||||
|
Passwords *PasswordsConfig
|
||||||
Registration *RegistrationConfig
|
Registration *RegistrationConfig
|
||||||
ResetPassword *ResetPasswordConfig
|
ResetPassword *ResetPasswordConfig
|
||||||
Store *store.Config
|
Store *store.Config
|
||||||
Ziti *zrokEdgeSdk.Config
|
Ziti *zrokEdgeSdk.Config
|
||||||
PasswordRequirements *PaswordRequirementsConfig
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type AdminConfig struct {
|
type AdminConfig struct {
|
||||||
Secrets []string `cf:"+secret"`
|
|
||||||
TouLink string
|
|
||||||
InvitesOpen bool
|
InvitesOpen bool
|
||||||
InviteTokenStrategy string
|
InviteTokenStrategy string
|
||||||
InviteTokenContact string
|
InviteTokenContact string
|
||||||
|
Secrets []string `cf:"+secret"`
|
||||||
|
TouLink string
|
||||||
}
|
}
|
||||||
|
|
||||||
type EndpointConfig struct {
|
type EndpointConfig struct {
|
||||||
@ -45,11 +45,12 @@ type EndpointConfig struct {
|
|||||||
Port int
|
Port int
|
||||||
}
|
}
|
||||||
|
|
||||||
type RegistrationConfig struct {
|
type MaintenanceConfig struct {
|
||||||
RegistrationUrlTemplate string
|
ResetPassword *ResetPasswordMaintenanceConfig
|
||||||
|
Registration *RegistrationMaintenanceConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
type PaswordRequirementsConfig struct {
|
type PasswordsConfig struct {
|
||||||
Length int
|
Length int
|
||||||
RequireCapital bool
|
RequireCapital bool
|
||||||
RequireNumeric bool
|
RequireNumeric bool
|
||||||
@ -57,13 +58,12 @@ type PaswordRequirementsConfig struct {
|
|||||||
ValidSpecialCharacters string
|
ValidSpecialCharacters string
|
||||||
}
|
}
|
||||||
|
|
||||||
type ResetPasswordConfig struct {
|
type RegistrationConfig struct {
|
||||||
ResetUrlTemplate string
|
RegistrationUrlTemplate string
|
||||||
}
|
}
|
||||||
|
|
||||||
type MaintenanceConfig struct {
|
type ResetPasswordConfig struct {
|
||||||
ResetPassword *ResetPasswordMaintenanceConfig
|
ResetUrlTemplate string
|
||||||
Registration *RegistrationMaintenanceConfig
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type RegistrationMaintenanceConfig struct {
|
type RegistrationMaintenanceConfig struct {
|
||||||
@ -81,13 +81,6 @@ type ResetPasswordMaintenanceConfig struct {
|
|||||||
func DefaultConfig() *Config {
|
func DefaultConfig() *Config {
|
||||||
return &Config{
|
return &Config{
|
||||||
Limits: limits.DefaultConfig(),
|
Limits: limits.DefaultConfig(),
|
||||||
PasswordRequirements: &PaswordRequirementsConfig{
|
|
||||||
Length: 8,
|
|
||||||
RequireCapital: true,
|
|
||||||
RequireNumeric: true,
|
|
||||||
RequireSpecial: true,
|
|
||||||
ValidSpecialCharacters: `!@$&*_-., "#%'()+/:;<=>?[\]^{|}~`,
|
|
||||||
},
|
|
||||||
Maintenance: &MaintenanceConfig{
|
Maintenance: &MaintenanceConfig{
|
||||||
ResetPassword: &ResetPasswordMaintenanceConfig{
|
ResetPassword: &ResetPasswordMaintenanceConfig{
|
||||||
ExpirationTimeout: time.Minute * 15,
|
ExpirationTimeout: time.Minute * 15,
|
||||||
@ -100,6 +93,13 @@ func DefaultConfig() *Config {
|
|||||||
BatchLimit: 500,
|
BatchLimit: 500,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
Passwords: &PasswordsConfig{
|
||||||
|
Length: 8,
|
||||||
|
RequireCapital: true,
|
||||||
|
RequireNumeric: true,
|
||||||
|
RequireSpecial: true,
|
||||||
|
ValidSpecialCharacters: `!@$&*_-., "#%'()+/:;<=>?[\]^{|}~`,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
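Review bot: Renaming the `PasswordRequirements` field of `Config` to `Passwords` also renames the setting operators use, and nothing in this section rejects or migrates the old name. If the loader derives keys from field names (not visible here), a deployment that tightened the policy under the old key would fall back to the `DefaultConfig()` values (`Length: 8` and the three `Require*` flags) without an error. Consider failing on the stale key at load time, or at least calling out the rename in the upgrade notes. A doc comment would help too, for example `// PasswordsConfig is the password policy; Length is the minimum length accepted by validatePassword.`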
|
@ -27,14 +27,14 @@ func (ch *configurationHandler) Handle(_ metadata.ConfigurationParams) middlewar
|
|||||||
if cfg.Admin != nil {
|
if cfg.Admin != nil {
|
||||||
data.TouLink = cfg.Admin.TouLink
|
data.TouLink = cfg.Admin.TouLink
|
||||||
data.InviteTokenContact = cfg.Admin.InviteTokenContact
|
data.InviteTokenContact = cfg.Admin.InviteTokenContact
|
||||||
}
|
if cfg.Passwords != nil {
|
||||||
if cfg.PasswordRequirements != nil {
|
|
||||||
data.PasswordRequirements = &rest_model_zrok.PasswordRequirements{
|
data.PasswordRequirements = &rest_model_zrok.PasswordRequirements{
|
||||||
Length: int64(cfg.PasswordRequirements.Length),
|
Length: int64(cfg.Passwords.Length),
|
||||||
RequireCapital: cfg.PasswordRequirements.RequireCapital,
|
RequireCapital: cfg.Passwords.RequireCapital,
|
||||||
RequireNumeric: cfg.PasswordRequirements.RequireNumeric,
|
RequireNumeric: cfg.Passwords.RequireNumeric,
|
||||||
RequireSpecial: cfg.PasswordRequirements.RequireSpecial,
|
RequireSpecial: cfg.Passwords.RequireSpecial,
|
||||||
ValidSpecialCharacters: cfg.PasswordRequirements.ValidSpecialCharacters,
|
ValidSpecialCharacters: cfg.Passwords.ValidSpecialCharacters,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return metadata.NewConfigurationOK().WithPayload(data)
|
return metadata.NewConfigurationOK().WithPayload(data)
|
||||||
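Review bot: The `if cfg.Passwords != nil {` block now appears to be nested inside `if cfg.Admin != nil {`. The `}` that used to follow `data.InviteTokenContact = cfg.Admin.InviteTokenContact` is gone and an extra `}` was added after the `PasswordRequirements` literal. Indentation is lost in this rendering, so this reading rests on brace counting and the 14/14 hunk size. If it is right, a deployment with no admin section never gets `data.PasswordRequirements` populated, so clients cannot display the rules that `validatePassword` still enforces on the server. Restoring the `}` before `if cfg.Passwords != nil {` and dropping the added one would keep the two checks independent; `Handle` begins outside the hunk.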
|
@ -92,21 +92,21 @@ func proxyUrl(shrToken, template string) string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func validatePassword(cfg *config.Config, password string) error {
|
func validatePassword(cfg *config.Config, password string) error {
|
||||||
if cfg.PasswordRequirements.Length > len(password) {
|
if cfg.Passwords.Length > len(password) {
|
||||||
return fmt.Errorf("password length: expected (%d), got (%d)", cfg.PasswordRequirements.Length, len(password))
|
return fmt.Errorf("password length: expected (%d), got (%d)", cfg.Passwords.Length, len(password))
|
||||||
}
|
}
|
||||||
if cfg.PasswordRequirements.RequireCapital {
|
if cfg.Passwords.RequireCapital {
|
||||||
if !hasCapital(password) {
|
if !hasCapital(password) {
|
||||||
return fmt.Errorf("password requires capital, found none")
|
return fmt.Errorf("password requires capital, found none")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if cfg.PasswordRequirements.RequireNumeric {
|
if cfg.Passwords.RequireNumeric {
|
||||||
if !hasNumeric(password) {
|
if !hasNumeric(password) {
|
||||||
return fmt.Errorf("password requires numeric, found none")
|
return fmt.Errorf("password requires numeric, found none")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if cfg.PasswordRequirements.RequireSpecial {
|
if cfg.Passwords.RequireSpecial {
|
||||||
if !strings.ContainsAny(password, cfg.PasswordRequirements.ValidSpecialCharacters) {
|
if !strings.ContainsAny(password, cfg.Passwords.ValidSpecialCharacters) {
|
||||||
return fmt.Errorf("password requires special character, found none")
|
return fmt.Errorf("password requires special character, found none")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
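Review bot: `validatePassword` dereferences `cfg.Passwords` without a nil check, while the configuration handler in this same commit guards it with `if cfg.Passwords != nil`. `DefaultConfig()` populates the field, so a nil is only reachable if the loaded configuration can clear it, which is not visible here. Either fail closed at the top with `if cfg.Passwords == nil { return fmt.Errorf("password policy not configured") }`, or drop the guard in the handler so the two agree. Separately, `len(password)` counts bytes, so a password made of multi-byte characters satisfies `Length` with fewer characters than configured; `utf8.RuneCountInString(password)` would count characters. The end of the function lies outside the hunk.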
|
@ -33,7 +33,7 @@ const PasswordForm = (props) => {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (confirm != password) {
|
if (confirm !== password) {
|
||||||
props.setMessage(passwordMismatchMessage)
|
props.setMessage(passwordMismatchMessage)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|