mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-21 20:47:08 -05:00
Merge pull request #555 from sharelatex/sk-password-policy
Enforce stricter password policy.
This commit is contained in:
commit
3d9da02815
4 changed files with 30 additions and 7 deletions
|
@ -29,8 +29,12 @@ module.exports = AuthenticationManager =
|
|||
callback null, null
|
||||
|
||||
setUserPassword: (user_id, password, callback = (error) ->) ->
|
||||
if Settings.passwordStrengthOptions?.length?.max? and Settings.passwordStrengthOptions?.length?.max < password.length
|
||||
if (Settings.passwordStrengthOptions?.length?.max? and
|
||||
Settings.passwordStrengthOptions?.length?.max < password.length)
|
||||
return callback("password is too long")
|
||||
if (Settings.passwordStrengthOptions?.length?.min? and
|
||||
Settings.passwordStrengthOptions?.length?.min > password.length)
|
||||
return callback("password is too short")
|
||||
|
||||
bcrypt.genSalt BCRYPT_ROUNDS, (error, salt) ->
|
||||
return callback(error) if error?
|
||||
|
|
|
@ -226,8 +226,8 @@ module.exports = settings =
|
|||
# passwordStrengthOptions:
|
||||
# pattern: "aA$3"
|
||||
# length:
|
||||
# min: 1
|
||||
# max: 10
|
||||
# min: 6
|
||||
# max: 128
|
||||
|
||||
# Email support
|
||||
# -------------
|
||||
|
|
|
@ -103,8 +103,8 @@ define [
|
|||
defaultPasswordOpts =
|
||||
pattern: ""
|
||||
length:
|
||||
min: 1
|
||||
max: 50
|
||||
min: 6
|
||||
max: 128
|
||||
allowEmpty: false
|
||||
allowAnyChars: false
|
||||
isMasked: true
|
||||
|
@ -127,8 +127,6 @@ define [
|
|||
[asyncFormCtrl, ngModelCtrl] = ctrl
|
||||
|
||||
ngModelCtrl.$parsers.unshift (modelValue) ->
|
||||
|
||||
|
||||
isValid = passField.validatePass()
|
||||
email = asyncFormCtrl.getEmail() || window.usersEmail
|
||||
if !isValid
|
||||
|
@ -141,5 +139,8 @@ define [
|
|||
if opts.length.max? and modelValue.length == opts.length.max
|
||||
isValid = false
|
||||
scope.complexPasswordErrorMessage = "Maximum password length #{opts.length.max} reached"
|
||||
if opts.length.min? and modelValue.length < opts.length.min
|
||||
isValid = false
|
||||
scope.complexPasswordErrorMessage = "Password too short, minimum #{opts.length.min}"
|
||||
ngModelCtrl.$setValidity('complexPassword', isValid)
|
||||
return modelValue
|
||||
|
|
|
@ -116,6 +116,24 @@ describe "AuthenticationManager", ->
|
|||
expect(err).to.exist
|
||||
done()
|
||||
|
||||
it "should not start the bcrypt process", (done)->
|
||||
@AuthenticationManager.setUserPassword @user_id, @password, (err)=>
|
||||
@bcrypt.genSalt.called.should.equal false
|
||||
@bcrypt.hash.called.should.equal false
|
||||
done()
|
||||
|
||||
describe "too short", ->
|
||||
beforeEach ->
|
||||
@settings.passwordStrengthOptions =
|
||||
length:
|
||||
max:10
|
||||
min:6
|
||||
@password = "dsd"
|
||||
|
||||
it "should return and error", (done)->
|
||||
@AuthenticationManager.setUserPassword @user_id, @password, (err)->
|
||||
expect(err).to.exist
|
||||
done()
|
||||
|
||||
it "should not start the bcrypt process", (done)->
|
||||
@AuthenticationManager.setUserPassword @user_id, @password, (err)=>
|
||||
|
|
Loading…
Reference in a new issue