Adding basic validation for local passwords #13789
06a203f to b211f3c
register( | ||
'LOCAL_PASSWORD_MIN_LENGTH', | ||
field_class=fields.IntegerField, | ||
min_value=0, |
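Review bot: min_value=0 on LOCAL_PASSWORD_MIN_LENGTH accepts 0, but the visible lines of the register() call do not say what 0 means. If 0 is meant to turn the length check off, say so in the setting's help text so an administrator does not read it as a zero-length minimum.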
Does the Django validation have a minimum? Would it make sense to restrict the min to whatever that value is?
Technically it can't be blank but you can set a password to `a` (so min 1) but I wanted `0` to mean "check disabled".
password_max_length = User._meta.get_field('password').max_length | ||
if len(value) > password_max_length: | ||
raise serializers.ValidationError(_('Password max length is {}'.format(password_max_length))) | ||
if getattr(settings, 'LOCAL_PASSWORD_MIN_LENGTH', 0) and len(value) < getattr(settings, 'LOCAL_PASSWORD_MIN_LENGTH'): |
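Review bot: On the ValidationError line, .format() runs inside _(), so the translation lookup receives the already-interpolated string and will not match a catalog entry; move the call outside, as in _('Password max length is {}').format(password_max_length). On the last line, LOCAL_PASSWORD_MIN_LENGTH is read from settings twice, the second time without a default; reading it once into a local, for example min_length = getattr(settings, 'LOCAL_PASSWORD_MIN_LENGTH', 0), keeps the guard and the comparison on the same value.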
If these settings are in the db with default values already, would `if len(value) < getattr(settings, 'LOCAL_PASSWORD_MIN_LENGTH'):` suffice?
Probably, I was thinking that since 0 means "no check" we would start with that to prevent the second checks from even being looked at. But I suppose it's only a string compare/small loops so the amount of time saved by short circuiting the if clause is probably negligible.
79153fb to 0dd7d4d
0dd7d4d to 1bc70d8
SUMMARY
Adds 4 definable password rules for local user passwords:
Also synced and prettied the UI files:
ISSUE TYPE
COMPONENT NAME
AWX VERSION
ADDITIONAL INFORMATION