Enforce stricter password policy.
- Check minimum password lengths - Set default policy to 6-128 chars
This commit is contained in:
parent
8e55b77055
commit
0f131d940d
4 changed files with 30 additions and 7 deletions
@ -29,8 +29,12 @@ module.exports = AuthenticationManager =
callback null, null
callback null, null
setUserPassword: (user_id, password, callback = (error) ->) ->
setUserPassword: (user_id, password, callback = (error) ->) ->
if Settings.passwordStrengthOptions?.length?.max? and Settings.passwordStrengthOptions?.length?.max < password.length
if (Settings.passwordStrengthOptions?.length?.max? and
Settings.passwordStrengthOptions?.length?.max < password.length)
return callback("password is too long")
return callback("password is too long")
if (Settings.passwordStrengthOptions?.length?.min? and
Settings.passwordStrengthOptions?.length?.min > password.length)
return callback("password is too short")
bcrypt.genSalt BCRYPT_ROUNDS, (error, salt) ->
bcrypt.genSalt BCRYPT_ROUNDS, (error, salt) ->
return callback(error) if error?
return callback(error) if error?
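Review bot: The new min/max checks in setUserPassword are skipped entirely when `Settings.passwordStrengthOptions` is unset, and the settings hunk below (`@ -226,8 +226,8 @@`) only edits a commented-out sample (`# passwordStrengthOptions:`), so on a default install the server still accepts a password of any length, including the empty string, even though the commit message promises a 6-128 default; the 6/128 values live only in the browser-side `defaultPasswordOpts` of the `@ -103,8 +103,8 @@` hunk, which is not an enforcement point. A server-side fallback to the same bounds, as in the excerpt below, keeps the policy effective regardless of configuration. A `typeof password is 'string'` guard is also cheap here, since `password.length` on a missing request field throws inside the handler. A comment on the max bound would help future readers, because bcrypt implementations generally hash only the first 72 bytes of input, so the 128 cap is a usability limit rather than something the hash itself enforces. setUserPassword continues past the hunk with the bcrypt.hash call.
```coffeescript
  setUserPassword: (user_id, password, callback = (error) ->) ->
    # Reject non-string input before touching .length
    return callback("password is invalid") unless typeof password is 'string'
    # Fall back to the documented 6-128 default when passwordStrengthOptions
    # is not configured, so the server-side bound cannot be skipped entirely.
    lengthOpts = Settings.passwordStrengthOptions?.length ? {}
    maxLength = lengthOpts.max ? 128
    minLength = lengthOpts.min ? 6
    if password.length > maxLength
      return callback("password is too long")
    if password.length < minLength
      return callback("password is too short")
    # … unchanged: bcrypt.genSalt / bcrypt.hash …
```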
@ -226,8 +226,8 @@ module.exports = settings =
# passwordStrengthOptions:
# passwordStrengthOptions:
# pattern: "aA$3"
# pattern: "aA$3"
# length:
# length:
# min: 1
# min: 6
# max: 10
# max: 128
# Email support
# Email support
# -------------
# -------------
@ -103,8 +103,8 @@ define [
defaultPasswordOpts =
defaultPasswordOpts =
pattern: ""
pattern: ""
length:
length:
min: 1
min: 6
max: 50
max: 128
allowEmpty: false
allowEmpty: false
allowAnyChars: false
allowAnyChars: false
isMasked: true
isMasked: true
@ -127,8 +127,6 @@ define [
[asyncFormCtrl, ngModelCtrl] = ctrl
[asyncFormCtrl, ngModelCtrl] = ctrl
ngModelCtrl.$parsers.unshift (modelValue) ->
ngModelCtrl.$parsers.unshift (modelValue) ->
isValid = passField.validatePass()
isValid = passField.validatePass()
email = asyncFormCtrl.getEmail() || window.usersEmail
email = asyncFormCtrl.getEmail() || window.usersEmail
if !isValid
if !isValid
@ -141,5 +139,8 @@ define [
if opts.length.max? and modelValue.length == opts.length.max
if opts.length.max? and modelValue.length == opts.length.max
isValid = false
isValid = false
scope.complexPasswordErrorMessage = "Maximum password length #{opts.length.max} reached"
scope.complexPasswordErrorMessage = "Maximum password length #{opts.length.max} reached"
if opts.length.min? and modelValue.length < opts.length.min
isValid = false
scope.complexPasswordErrorMessage = "Password too short, minimum #{opts.length.min}"
ngModelCtrl.$setValidity('complexPassword', isValid)
ngModelCtrl.$setValidity('complexPassword', isValid)
return modelValue
return modelValue
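Review bot: The new minimum-length branch sets the user-facing message to `"Password too short, minimum #{opts.length.min}"`, which omits the unit; `"Password too short, minimum #{opts.length.min} characters"` reads better next to the existing "Maximum password length … reached" message. The branch also reads `modelValue.length` unguarded, as the max branch above it already does, so a null model value would throw inside the parser; this is hedged, since how the field hands an empty value to `$parsers` is not visible in the hunk. Worth a one-line comment that this check is advisory and the authoritative bound is the server-side check in setUserPassword, which only applies when `passwordStrengthOptions` is configured. The `$parsers` callback and the enclosing directive start outside the hunk.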
@ -116,6 +116,24 @@ describe "AuthenticationManager", ->
expect(err).to.exist
expect(err).to.exist
done()
done()
it "should not start the bcrypt process", (done)->
@AuthenticationManager.setUserPassword @user_id, @password, (err)=>
@bcrypt.genSalt.called.should.equal false
@bcrypt.hash.called.should.equal false
done()
describe "too short", ->
beforeEach ->
@settings.passwordStrengthOptions =
length:
max:10
min:6
@password = "dsd"
it "should return and error", (done)->
@AuthenticationManager.setUserPassword @user_id, @password, (err)->
expect(err).to.exist
done()
it "should not start the bcrypt process", (done)->
it "should not start the bcrypt process", (done)->
@AuthenticationManager.setUserPassword @user_id, @password, (err)=>
@AuthenticationManager.setUserPassword @user_id, @password, (err)=>
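Review bot: The new "too short" case asserts only `expect(err).to.exist`, so it would also pass if setUserPassword rejected the password for some other reason (the same settings block sets `max:10`); pinning the message, `expect(err).to.equal "password is too short"`, makes the test actually distinguish the new branch. The test title has a typo, `it "should return an error", (done)->`. No case covers `passwordStrengthOptions` being undefined, which is the state the shipped settings sample leaves it in, so the behaviour that matters on a default install is untested. The describe block continues outside the hunk.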