password subsystem tweaks (#167)

This commit is contained in:
Michael Quigley 2023-05-23 13:51:33 -04:00
parent 8c4134c8ad
commit 93707b692d
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
4 changed files with 45 additions and 45 deletions

View File

@ -25,19 +25,19 @@ type Config struct {
Limits *limits.Config
Maintenance *MaintenanceConfig
Metrics *metrics.Config
Passwords *PasswordsConfig
Registration *RegistrationConfig
ResetPassword *ResetPasswordConfig
Store *store.Config
Ziti *zrokEdgeSdk.Config
PasswordRequirements *PaswordRequirementsConfig
}
type AdminConfig struct {
Secrets []string `cf:"+secret"`
TouLink string
InvitesOpen bool
InviteTokenStrategy string
InviteTokenContact string
Secrets []string `cf:"+secret"`
TouLink string
}
type EndpointConfig struct {
@ -45,11 +45,12 @@ type EndpointConfig struct {
Port int
}
type RegistrationConfig struct {
RegistrationUrlTemplate string
type MaintenanceConfig struct {
ResetPassword *ResetPasswordMaintenanceConfig
Registration *RegistrationMaintenanceConfig
}
type PaswordRequirementsConfig struct {
type PasswordsConfig struct {
Length int
RequireCapital bool
RequireNumeric bool
@ -57,13 +58,12 @@ type PaswordRequirementsConfig struct {
ValidSpecialCharacters string
}
type ResetPasswordConfig struct {
ResetUrlTemplate string
type RegistrationConfig struct {
RegistrationUrlTemplate string
}
type MaintenanceConfig struct {
ResetPassword *ResetPasswordMaintenanceConfig
Registration *RegistrationMaintenanceConfig
type ResetPasswordConfig struct {
ResetUrlTemplate string
}
type RegistrationMaintenanceConfig struct {
@ -81,13 +81,6 @@ type ResetPasswordMaintenanceConfig struct {
func DefaultConfig() *Config {
return &Config{
Limits: limits.DefaultConfig(),
PasswordRequirements: &PaswordRequirementsConfig{
Length: 8,
RequireCapital: true,
RequireNumeric: true,
RequireSpecial: true,
ValidSpecialCharacters: `!@$&*_-., "#%'()+/:;<=>?[\]^{|}~`,
},
Maintenance: &MaintenanceConfig{
ResetPassword: &ResetPasswordMaintenanceConfig{
ExpirationTimeout: time.Minute * 15,
@ -100,6 +93,13 @@ func DefaultConfig() *Config {
BatchLimit: 500,
},
},
Passwords: &PasswordsConfig{
Length: 8,
RequireCapital: true,
RequireNumeric: true,
RequireSpecial: true,
ValidSpecialCharacters: `!@$&*_-., "#%'()+/:;<=>?[\]^{|}~`,
},
}
}

View File

@ -27,14 +27,14 @@ func (ch *configurationHandler) Handle(_ metadata.ConfigurationParams) middlewar
if cfg.Admin != nil {
data.TouLink = cfg.Admin.TouLink
data.InviteTokenContact = cfg.Admin.InviteTokenContact
}
if cfg.PasswordRequirements != nil {
if cfg.Passwords != nil {
data.PasswordRequirements = &rest_model_zrok.PasswordRequirements{
Length: int64(cfg.PasswordRequirements.Length),
RequireCapital: cfg.PasswordRequirements.RequireCapital,
RequireNumeric: cfg.PasswordRequirements.RequireNumeric,
RequireSpecial: cfg.PasswordRequirements.RequireSpecial,
ValidSpecialCharacters: cfg.PasswordRequirements.ValidSpecialCharacters,
Length: int64(cfg.Passwords.Length),
RequireCapital: cfg.Passwords.RequireCapital,
RequireNumeric: cfg.Passwords.RequireNumeric,
RequireSpecial: cfg.Passwords.RequireSpecial,
ValidSpecialCharacters: cfg.Passwords.ValidSpecialCharacters,
}
}
}
return metadata.NewConfigurationOK().WithPayload(data)

View File

@ -92,21 +92,21 @@ func proxyUrl(shrToken, template string) string {
}
func validatePassword(cfg *config.Config, password string) error {
if cfg.PasswordRequirements.Length > len(password) {
return fmt.Errorf("password length: expected (%d), got (%d)", cfg.PasswordRequirements.Length, len(password))
if cfg.Passwords.Length > len(password) {
return fmt.Errorf("password length: expected (%d), got (%d)", cfg.Passwords.Length, len(password))
}
if cfg.PasswordRequirements.RequireCapital {
if cfg.Passwords.RequireCapital {
if !hasCapital(password) {
return fmt.Errorf("password requires capital, found none")
}
}
if cfg.PasswordRequirements.RequireNumeric {
if cfg.Passwords.RequireNumeric {
if !hasNumeric(password) {
return fmt.Errorf("password requires numeric, found none")
}
}
if cfg.PasswordRequirements.RequireSpecial {
if !strings.ContainsAny(password, cfg.PasswordRequirements.ValidSpecialCharacters) {
if cfg.Passwords.RequireSpecial {
if !strings.ContainsAny(password, cfg.Passwords.ValidSpecialCharacters) {
return fmt.Errorf("password requires special character, found none")
}
}

View File

@ -33,7 +33,7 @@ const PasswordForm = (props) => {
return;
}
}
if (confirm != password) {
if (confirm !== password) {
props.setMessage(passwordMismatchMessage)
return;
}