password subsystem tweaks (#167)

Michael Quigley 2023-05-23 13:51:33 -04:00
parent 8c4134c8ad
commit 93707b692d
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
4 changed files with 45 additions and 45 deletions


@ -17,27 +17,27 @@ import (
const ConfigVersion = 3 const ConfigVersion = 3
type Config struct { type Config struct {
V int V int
Admin *AdminConfig Admin *AdminConfig
Bridge *metrics.BridgeConfig Bridge *metrics.BridgeConfig
Endpoint *EndpointConfig Endpoint *EndpointConfig
Email *emailUi.Config Email *emailUi.Config
Limits *limits.Config Limits *limits.Config
Maintenance *MaintenanceConfig Maintenance *MaintenanceConfig
Metrics *metrics.Config Metrics *metrics.Config
Registration *RegistrationConfig Passwords *PasswordsConfig
ResetPassword *ResetPasswordConfig Registration *RegistrationConfig
Store *store.Config ResetPassword *ResetPasswordConfig
Ziti *zrokEdgeSdk.Config Store *store.Config
PasswordRequirements *PaswordRequirementsConfig Ziti *zrokEdgeSdk.Config
} }
type AdminConfig struct { type AdminConfig struct {
Secrets []string `cf:"+secret"`
TouLink string
InvitesOpen bool InvitesOpen bool
InviteTokenStrategy string InviteTokenStrategy string
InviteTokenContact string InviteTokenContact string
Secrets []string `cf:"+secret"`
TouLink string
} }
type EndpointConfig struct { type EndpointConfig struct {
@ -45,11 +45,12 @@ type EndpointConfig struct {
Port int Port int
} }
type RegistrationConfig struct { type MaintenanceConfig struct {
RegistrationUrlTemplate string ResetPassword *ResetPasswordMaintenanceConfig
Registration *RegistrationMaintenanceConfig
} }
type PaswordRequirementsConfig struct { type PasswordsConfig struct {
Length int Length int
RequireCapital bool RequireCapital bool
RequireNumeric bool RequireNumeric bool
@ -57,13 +58,12 @@ type PaswordRequirementsConfig struct {
ValidSpecialCharacters string ValidSpecialCharacters string
} }
type ResetPasswordConfig struct { type RegistrationConfig struct {
ResetUrlTemplate string RegistrationUrlTemplate string
} }
type MaintenanceConfig struct { type ResetPasswordConfig struct {
ResetPassword *ResetPasswordMaintenanceConfig ResetUrlTemplate string
Registration *RegistrationMaintenanceConfig
} }
type RegistrationMaintenanceConfig struct { type RegistrationMaintenanceConfig struct {
@ -81,13 +81,6 @@ type ResetPasswordMaintenanceConfig struct {
func DefaultConfig() *Config { func DefaultConfig() *Config {
return &Config{ return &Config{
Limits: limits.DefaultConfig(), Limits: limits.DefaultConfig(),
PasswordRequirements: &PaswordRequirementsConfig{
Length: 8,
RequireCapital: true,
RequireNumeric: true,
RequireSpecial: true,
ValidSpecialCharacters: `!@$&*_-., "#%'()+/:;<=>?[\]^{|}~`,
},
Maintenance: &MaintenanceConfig{ Maintenance: &MaintenanceConfig{
ResetPassword: &ResetPasswordMaintenanceConfig{ ResetPassword: &ResetPasswordMaintenanceConfig{
ExpirationTimeout: time.Minute * 15, ExpirationTimeout: time.Minute * 15,
@ -100,6 +93,13 @@ func DefaultConfig() *Config {
BatchLimit: 500, BatchLimit: 500,
}, },
}, },
Passwords: &PasswordsConfig{
Length: 8,
RequireCapital: true,
RequireNumeric: true,
RequireSpecial: true,
ValidSpecialCharacters: `!@$&*_-., "#%'()+/:;<=>?[\]^{|}~`,
},
} }
} }
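Review bot: The config section is renamed from `PasswordRequirements` to `Passwords` while `ConfigVersion` stays at 3, so a deployment whose config file still uses the old section name is not flagged as outdated. If the loader ignores unknown keys (not visible in this hunk), an operator's stricter policy would silently be replaced by the `DefaultConfig()` values (length 8 and the default special-character set). Consider bumping `ConfigVersion`, or at least recording the rename on the type, e.g. `// PasswordsConfig holds the password policy; it replaces the former PasswordRequirements section.`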


@ -27,14 +27,14 @@ func (ch *configurationHandler) Handle(_ metadata.ConfigurationParams) middlewar
if cfg.Admin != nil { if cfg.Admin != nil {
data.TouLink = cfg.Admin.TouLink data.TouLink = cfg.Admin.TouLink
data.InviteTokenContact = cfg.Admin.InviteTokenContact data.InviteTokenContact = cfg.Admin.InviteTokenContact
} if cfg.Passwords != nil {
if cfg.PasswordRequirements != nil { data.PasswordRequirements = &rest_model_zrok.PasswordRequirements{
data.PasswordRequirements = &rest_model_zrok.PasswordRequirements{ Length: int64(cfg.Passwords.Length),
Length: int64(cfg.PasswordRequirements.Length), RequireCapital: cfg.Passwords.RequireCapital,
RequireCapital: cfg.PasswordRequirements.RequireCapital, RequireNumeric: cfg.Passwords.RequireNumeric,
RequireNumeric: cfg.PasswordRequirements.RequireNumeric, RequireSpecial: cfg.Passwords.RequireSpecial,
RequireSpecial: cfg.PasswordRequirements.RequireSpecial, ValidSpecialCharacters: cfg.Passwords.ValidSpecialCharacters,
ValidSpecialCharacters: cfg.PasswordRequirements.ValidSpecialCharacters, }
} }
} }
return metadata.NewConfigurationOK().WithPayload(data) return metadata.NewConfigurationOK().WithPayload(data)
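Review bot: On the new side the `if cfg.Passwords != nil {` block appears to be nested inside `if cfg.Admin != nil {`: the closing brace after `data.InviteTokenContact = ...` is gone and an extra one follows the struct literal. The rendering has lost indentation, so this is read from the brace count alone. If so, the password requirements are only published to clients when an admin section is configured, while `validatePassword` enforces them regardless, so users would be rejected for rules the UI never showed them. If the nesting is unintended, restore the `}` before `if cfg.Passwords != nil {` and drop the extra one after the block. The `Handle` body starts and ends outside this hunk.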


@ -92,21 +92,21 @@ func proxyUrl(shrToken, template string) string {
} }
func validatePassword(cfg *config.Config, password string) error { func validatePassword(cfg *config.Config, password string) error {
if cfg.PasswordRequirements.Length > len(password) { if cfg.Passwords.Length > len(password) {
return fmt.Errorf("password length: expected (%d), got (%d)", cfg.PasswordRequirements.Length, len(password)) return fmt.Errorf("password length: expected (%d), got (%d)", cfg.Passwords.Length, len(password))
} }
if cfg.PasswordRequirements.RequireCapital { if cfg.Passwords.RequireCapital {
if !hasCapital(password) { if !hasCapital(password) {
return fmt.Errorf("password requires capital, found none") return fmt.Errorf("password requires capital, found none")
} }
} }
if cfg.PasswordRequirements.RequireNumeric { if cfg.Passwords.RequireNumeric {
if !hasNumeric(password) { if !hasNumeric(password) {
return fmt.Errorf("password requires numeric, found none") return fmt.Errorf("password requires numeric, found none")
} }
} }
if cfg.PasswordRequirements.RequireSpecial { if cfg.Passwords.RequireSpecial {
if !strings.ContainsAny(password, cfg.PasswordRequirements.ValidSpecialCharacters) { if !strings.ContainsAny(password, cfg.Passwords.ValidSpecialCharacters) {
return fmt.Errorf("password requires special character, found none") return fmt.Errorf("password requires special character, found none")
} }
} }
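Review bot: `validatePassword` dereferences `cfg.Passwords` without a nil check, while the configuration handler in this same commit guards with `if cfg.Passwords != nil`. If a loaded config can leave the section nil, this would panic on a request path. A fail-closed guard at the top, such as `if cfg.Passwords == nil { return fmt.Errorf("password policy not configured") }`, keeps the two consistent without disabling the policy. Separately, `len(password)` counts bytes, so a password containing multi-byte characters can satisfy `Length` with fewer characters; `utf8.RuneCountInString(password)` would count what the user typed. The function body continues past the end of the hunk.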


@ -33,7 +33,7 @@ const PasswordForm = (props) => {
return; return;
} }
} }
if (confirm != password) { if (confirm !== password) {
props.setMessage(passwordMismatchMessage) props.setMessage(passwordMismatchMessage)
return; return;
} }