Align password requirements with nist guidelines
This commit is contained in:
parent
f64702150d
commit
a83d99915d
|
@ -44,7 +44,7 @@ App::post('/v1/account')
|
|||
->label('sdk.response.model', Response::MODEL_USER)
|
||||
->label('abuse-limit', 10)
|
||||
->param('email', '', new Email(), 'User email.')
|
||||
->param('password', '', new Password(), 'User password. Must be between 6 to 32 chars.')
|
||||
->param('password', '', new Password(), 'User password. Must be at least 8 chars.')
|
||||
->param('name', '', new Text(128), 'User name. Max length: 128 chars.', true)
|
||||
->inject('request')
|
||||
->inject('response')
|
||||
|
@ -160,7 +160,7 @@ App::post('/v1/account/sessions')
|
|||
->label('abuse-limit', 10)
|
||||
->label('abuse-key', 'url:{url},email:{param-email}')
|
||||
->param('email', '', new Email(), 'User email.')
|
||||
->param('password', '', new Password(), 'User password. Must be between 6 to 32 chars.')
|
||||
->param('password', '', new Password(), 'User password. Must be at least 8 chars.')
|
||||
->inject('request')
|
||||
->inject('response')
|
||||
->inject('projectDB')
|
||||
|
@ -1356,8 +1356,8 @@ App::patch('/v1/account/password')
|
|||
->label('sdk.response.code', Response::STATUS_CODE_OK)
|
||||
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
||||
->label('sdk.response.model', Response::MODEL_USER)
|
||||
->param('password', '', new Password(), 'New user password. Must be between 6 to 32 chars.')
|
||||
->param('oldPassword', '', new Password(), 'Old user password. Must be between 6 to 32 chars.', true)
|
||||
->param('password', '', new Password(), 'User password. Must be at least 8 chars.')
|
||||
->param('oldPassword', '', new Password(), 'Old user password. Must be at least 8 chars.', true)
|
||||
->inject('response')
|
||||
->inject('user')
|
||||
->inject('projectDB')
|
||||
|
@ -1404,7 +1404,7 @@ App::patch('/v1/account/email')
|
|||
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
||||
->label('sdk.response.model', Response::MODEL_USER)
|
||||
->param('email', '', new Email(), 'User email.')
|
||||
->param('password', '', new Password(), 'User password. Must be between 6 to 32 chars.')
|
||||
->param('password', '', new Password(), 'User password. Must be at least 8 chars.')
|
||||
->inject('response')
|
||||
->inject('user')
|
||||
->inject('projectDB')
|
||||
|
@ -1863,8 +1863,8 @@ App::put('/v1/account/recovery')
|
|||
->label('abuse-key', 'url:{url},userId:{param-userId}')
|
||||
->param('userId', '', new UID(), 'User account UID address.')
|
||||
->param('secret', '', new Text(256), 'Valid reset token.')
|
||||
->param('password', '', new Password(), 'New password. Must be between 6 to 32 chars.')
|
||||
->param('passwordAgain', '', new Password(), 'New password again. Must be between 6 to 32 chars.')
|
||||
->param('password', '', new Password(), 'User password. Must be at least 8 chars.')
|
||||
->param('passwordAgain', '', new Password(), 'New password again. Must be at least 8 chars.')
|
||||
->inject('response')
|
||||
->inject('projectDB')
|
||||
->inject('audits')
|
||||
|
|
|
@ -33,7 +33,7 @@ App::post('/v1/users')
|
|||
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
||||
->label('sdk.response.model', Response::MODEL_USER)
|
||||
->param('email', '', new Email(), 'User email.')
|
||||
->param('password', '', new Password(), 'User password. Must be between 6 to 32 chars.')
|
||||
->param('password', '', new Password(), 'User password. Must be at least 8 chars.')
|
||||
->param('name', '', new Text(128), 'User name. Max length: 128 chars.', true)
|
||||
->inject('response')
|
||||
->inject('projectDB')
|
||||
|
|
|
@ -45,7 +45,7 @@ $root = ($this->getParam('root') !== 'disabled');
|
|||
<input name="email" type="email" autocomplete="email" placeholder="" required data-ls-bind="{{router.params.email}}">
|
||||
|
||||
<label>Password</label>
|
||||
<input name="password" type="password" autocomplete="off" placeholder="" required data-forms-password-meter pattern=".{6,}" title="Six or more characters">
|
||||
<input name="password" type="password" autocomplete="off" placeholder="" required data-forms-password-meter pattern=".{8,}" title="Eight or more characters">
|
||||
|
||||
<div class="agree margin-top-large margin-bottom-large">
|
||||
<div class="pull-start margin-end-small margin-bottom">
|
||||
|
|
|
@ -20,21 +20,23 @@ class Password extends Validator
|
|||
*/
|
||||
public function getDescription()
|
||||
{
|
||||
return 'Password must be between 6 and 32 chars and contain ...';
|
||||
return 'Password must be at least 8 characters';
|
||||
}
|
||||
|
||||
/**
|
||||
* Is valid.
|
||||
*
|
||||
* Validation username
|
||||
*
|
||||
* @param mixed $value
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function isValid($value)
|
||||
{
|
||||
if (\strlen($value) < 6 || \strlen($value) > 32) {
|
||||
if (!\is_string($value)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (\strlen($value) < 8) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue