rnsrk/wisski-cloud-distillery
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add a password policy for distillery users

Browse source
This commit is contained in:
Tom Wiesing 2023-01-10 11:10:38 +01:00
parent ab9998881b
commit 6f257bd27f
No known key found for this signature in database
9 changed files with 185 additions and 76 deletions
Download patch file Download diff file Expand all files Collapse all files

13
internal/dis/component/auth/panel/password.go
View file

@ -18,7 +18,6 @@ var passwordTemplate = static.AssetsUser.MustParseShared("password.html", passwo
var (
errPasswordsNotIdentical = errors.New("passwords are not identical")
errPasswordIsEmpty = errors.New("password is empty")
errCredentialsIncorrect = errors.New("credentials are not correct")
errPasswordSetFailure = errors.New("error saving new password")
errTOTPSetFailure = errors.New("unable to disable totp")
@ -47,10 +46,6 @@ func (panel *UserPanel) routePassword(ctx context.Context) http.Handler {
return struct{}{}, errPasswordsNotIdentical
}
if new == "" {
return struct{}{}, errPasswordIsEmpty
}
user, err := panel.Dependencies.Auth.UserOf(r)
if err != nil {
return struct{}{}, err
@ -62,6 +57,14 @@ func (panel *UserPanel) routePassword(ctx context.Context) http.Handler {
return struct{}{}, errCredentialsIncorrect
}
}
{
err := user.CheckPasswordPolicy(new)
if err != nil {
return struct{}{}, err
}
}
{
err := user.SetPassword(r.Context(), []byte(new))
if err != nil {