password subsystem tweaks (#167)

Michael Quigley 2023-05-23 13:51:33 -04:00
parent 8c4134c8ad
commit 93707b692d
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
4 changed files with 45 additions and 45 deletions


@ -25,19 +25,19 @@ type Config struct {
Limits *limits.Config Limits *limits.Config
Maintenance *MaintenanceConfig Maintenance *MaintenanceConfig
Metrics *metrics.Config Metrics *metrics.Config
Passwords *PasswordsConfig
Registration *RegistrationConfig Registration *RegistrationConfig
ResetPassword *ResetPasswordConfig ResetPassword *ResetPasswordConfig
Store *store.Config Store *store.Config
Ziti *zrokEdgeSdk.Config Ziti *zrokEdgeSdk.Config
PasswordRequirements *PaswordRequirementsConfig
} }
type AdminConfig struct { type AdminConfig struct {
Secrets []string `cf:"+secret"`
TouLink string
InvitesOpen bool InvitesOpen bool
InviteTokenStrategy string InviteTokenStrategy string
InviteTokenContact string InviteTokenContact string
Secrets []string `cf:"+secret"`
TouLink string
} }
type EndpointConfig struct { type EndpointConfig struct {
@ -45,11 +45,12 @@ type EndpointConfig struct {
Port int Port int
} }
type RegistrationConfig struct { type MaintenanceConfig struct {
RegistrationUrlTemplate string ResetPassword *ResetPasswordMaintenanceConfig
Registration *RegistrationMaintenanceConfig
} }
type PaswordRequirementsConfig struct { type PasswordsConfig struct {
Length int Length int
RequireCapital bool RequireCapital bool
RequireNumeric bool RequireNumeric bool
@ -57,13 +58,12 @@ type PaswordRequirementsConfig struct {
ValidSpecialCharacters string ValidSpecialCharacters string
} }
type ResetPasswordConfig struct { type RegistrationConfig struct {
ResetUrlTemplate string RegistrationUrlTemplate string
} }
type MaintenanceConfig struct { type ResetPasswordConfig struct {
ResetPassword *ResetPasswordMaintenanceConfig ResetUrlTemplate string
Registration *RegistrationMaintenanceConfig
} }
type RegistrationMaintenanceConfig struct { type RegistrationMaintenanceConfig struct {
@ -81,13 +81,6 @@ type ResetPasswordMaintenanceConfig struct {
func DefaultConfig() *Config { func DefaultConfig() *Config {
return &Config{ return &Config{
Limits: limits.DefaultConfig(), Limits: limits.DefaultConfig(),
PasswordRequirements: &PaswordRequirementsConfig{
Length: 8,
RequireCapital: true,
RequireNumeric: true,
RequireSpecial: true,
ValidSpecialCharacters: `!@$&*_-., "#%'()+/:;<=>?[\]^{|}~`,
},
Maintenance: &MaintenanceConfig{ Maintenance: &MaintenanceConfig{
ResetPassword: &ResetPasswordMaintenanceConfig{ ResetPassword: &ResetPasswordMaintenanceConfig{
ExpirationTimeout: time.Minute * 15, ExpirationTimeout: time.Minute * 15,
@ -100,6 +93,13 @@ func DefaultConfig() *Config {
BatchLimit: 500, BatchLimit: 500,
}, },
}, },
Passwords: &PasswordsConfig{
Length: 8,
RequireCapital: true,
RequireNumeric: true,
RequireSpecial: true,
ValidSpecialCharacters: `!@$&*_-., "#%'()+/:;<=>?[\]^{|}~`,
},
} }
} }
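Review bot: Renaming the `Config` field from `PasswordRequirements` to `Passwords` probably changes the key operators must use in their configuration file, and nothing visible here accepts or rejects the old name. If the loader derives keys from field names (not shown on this page), a deployment that had tightened the policy under the old key would fall back to the `DefaultConfig()` values (`Length: 8` and the rest) after upgrading, with no error. Call the rename out in the upgrade notes. The new type also has no doc comment; something like `// PasswordsConfig holds the password policy checked by validatePassword and published to clients by the configuration handler.` would help.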


@ -27,14 +27,14 @@ func (ch *configurationHandler) Handle(_ metadata.ConfigurationParams) middlewar
if cfg.Admin != nil { if cfg.Admin != nil {
data.TouLink = cfg.Admin.TouLink data.TouLink = cfg.Admin.TouLink
data.InviteTokenContact = cfg.Admin.InviteTokenContact data.InviteTokenContact = cfg.Admin.InviteTokenContact
} if cfg.Passwords != nil {
if cfg.PasswordRequirements != nil {
data.PasswordRequirements = &rest_model_zrok.PasswordRequirements{ data.PasswordRequirements = &rest_model_zrok.PasswordRequirements{
Length: int64(cfg.PasswordRequirements.Length), Length: int64(cfg.Passwords.Length),
RequireCapital: cfg.PasswordRequirements.RequireCapital, RequireCapital: cfg.Passwords.RequireCapital,
RequireNumeric: cfg.PasswordRequirements.RequireNumeric, RequireNumeric: cfg.Passwords.RequireNumeric,
RequireSpecial: cfg.PasswordRequirements.RequireSpecial, RequireSpecial: cfg.Passwords.RequireSpecial,
ValidSpecialCharacters: cfg.PasswordRequirements.ValidSpecialCharacters, ValidSpecialCharacters: cfg.Passwords.ValidSpecialCharacters,
}
} }
} }
return metadata.NewConfigurationOK().WithPayload(data) return metadata.NewConfigurationOK().WithPayload(data)
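Review bot: On the new side the `if cfg.Passwords != nil {` block appears to sit inside `if cfg.Admin != nil {` (the `}` that used to follow `data.InviteTokenContact` is gone and an extra `}` follows the struct literal), so `data.PasswordRequirements` is only populated when an admin section is configured. `validatePassword` reads `cfg.Passwords` regardless of `cfg.Admin`, so a deployment without an admin section would enforce a policy that clients are never told about. If the nesting is not intended, keep the `}` after `data.InviteTokenContact = cfg.Admin.InviteTokenContact` and put `if cfg.Passwords != nil {` back at the same level as the admin check. The rendering here has lost the +/- markers, so confirm against the raw diff; Handle's body starts outside the hunk.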


@ -92,21 +92,21 @@ func proxyUrl(shrToken, template string) string {
} }
func validatePassword(cfg *config.Config, password string) error { func validatePassword(cfg *config.Config, password string) error {
if cfg.PasswordRequirements.Length > len(password) { if cfg.Passwords.Length > len(password) {
return fmt.Errorf("password length: expected (%d), got (%d)", cfg.PasswordRequirements.Length, len(password)) return fmt.Errorf("password length: expected (%d), got (%d)", cfg.Passwords.Length, len(password))
} }
if cfg.PasswordRequirements.RequireCapital { if cfg.Passwords.RequireCapital {
if !hasCapital(password) { if !hasCapital(password) {
return fmt.Errorf("password requires capital, found none") return fmt.Errorf("password requires capital, found none")
} }
} }
if cfg.PasswordRequirements.RequireNumeric { if cfg.Passwords.RequireNumeric {
if !hasNumeric(password) { if !hasNumeric(password) {
return fmt.Errorf("password requires numeric, found none") return fmt.Errorf("password requires numeric, found none")
} }
} }
if cfg.PasswordRequirements.RequireSpecial { if cfg.Passwords.RequireSpecial {
if !strings.ContainsAny(password, cfg.PasswordRequirements.ValidSpecialCharacters) { if !strings.ContainsAny(password, cfg.Passwords.ValidSpecialCharacters) {
return fmt.Errorf("password requires special character, found none") return fmt.Errorf("password requires special character, found none")
} }
} }


@ -33,7 +33,7 @@ const PasswordForm = (props) => {
return; return;
} }
} }
if (confirm != password) { if (confirm !== password) {
props.setMessage(passwordMismatchMessage) props.setMessage(passwordMismatchMessage)
return; return;
} }