Adding basic validation for local passwords #13789

Merged
merged 3 commits into from
Apr 13, 2023

Member

@john-westcott-iv john-westcott-iv commented Apr 2, 2023

SUMMARY

Adds 4 definable password rules for local user passwords:

  • Min length
  • Min number of upper case characters
  • Min number of digits
  • Min number of special characters

Also synced and prettied the UI files:

  • src/screens/Setting/shared/data.allSettingOptions.json
  • src/screens/Setting/shared/data.allSettings.json

ISSUE TYPE

  • New or Enhanced Feature

COMPONENT NAME

  • API

AWX VERSION

ADDITIONAL INFORMATION

register(
'LOCAL_PASSWORD_MIN_LENGTH',
field_class=fields.IntegerField,
min_value=0,
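
Review bot: min_value=0 on LOCAL_PASSWORD_MIN_LENGTH admits 0 without these lines saying what 0 means, and no max_value is visible here. If 0 is meant as a sentinel, say so in the setting's help text, and consider a max_value so the minimum cannot be set higher than a password is allowed to be.
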
Member

Does the Django validation have a minimum? Would it make sense to restrict the min to whatever that value is?

Member Author

Technically it can't be blank, but you can set a password to "a" (so min 1), but I wanted 0 to mean "check disabled".

password_max_length = User._meta.get_field('password').max_length
if len(value) > password_max_length:
raise serializers.ValidationError(_('Password max length is {}'.format(password_max_length)))
if getattr(settings, 'LOCAL_PASSWORD_MIN_LENGTH', 0) and len(value) < getattr(settings, 'LOCAL_PASSWORD_MIN_LENGTH'):
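
Review bot: the last line compares len(value) against LOCAL_PASSWORD_MIN_LENGTH without relating it to password_max_length from the check above, so a configured minimum larger than that maximum leaves every password failing one of the two checks; reject such a value when the setting is saved, or cap it here. The same line calls getattr twice, once with a default of 0 and once without; reading the setting into a local variable once keeps the two uses consistent. On the max-length line, .format() is applied inside _(), so the translation lookup sees the already formatted string; move it outside, as in _('Password max length is {}').format(password_max_length).
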
Member

If these settings are in the DB with default values already, would

if len(value) < getattr(settings, 'LOCAL_PASSWORD_MIN_LENGTH'):

suffice?

Member Author

Probably. I was thinking that since 0 means "no check" we would start with that to prevent the second checks from even being looked at. But I suppose it's only a string compare/small loops, so the amount of time saved by short-circuiting the if clause is probably negligible.

@jay-steurer jay-steurer self-requested a review April 11, 2023 20:13
@john-westcott-iv john-westcott-iv force-pushed the local_user_passwords branch 2 times, most recently from 79153fb to 0dd7d4d Compare April 12, 2023 15:38

cypress bot commented Apr 12, 2023

7 failed tests on run #14816

7 703 611 0 Flakiness 0

Details:

Fixing tests
Project: AWX - Functional
Commit: 1bc70d8e98
Status: Failed
Duration: 11:19
Started: Apr 12, 2023 4:41 PM
Ended: Apr 12, 2023 5:53 PM

Failed  job-templates/job-template-crud.cy.js • 5 failed tests

  • Job Templates- Create > can create a job template but not if a JT with the same name already exists
  • Job Templates- Create > can create a job template from inventory job template tab and see the template appear in that list
  • Job Templates- Create > can create a job template from project job template tab and see the template appear in that list
  • Job Templates- Create > can create a job template from credential job template tab and see the template appear in that list
  • Job Templates- Create > can create a JT will all optional fields

Failed  inventories/constructed-inventory-crud.cy.js • 1 failed test

  • Edit - Constructed Inventory > shows a failed sync on the constructed inventory if the user sets strict to true and enters bad variables

Failed  workflow-approvals/workflow-approvals-operations.cy.js • 1 failed test

  • Workflow approvals - Details > can cancel a workflow

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings.

@jay-steurer jay-steurer merged commit fba4e06 into ansible:devel Apr 13, 2023
13 of 14 checks passed
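
The four rules from the PR summary, with 0 meaning "check disabled" as discussed in the review, sketched as a stand-alone validator. This is an added example, not code from the AWX pull request; the three setting names other than LOCAL_PASSWORD_MIN_LENGTH, the 128-character maximum and the reading of "special" as ASCII punctuation are assumptions.

```python
import string

# Hypothetical policy keys: only LOCAL_PASSWORD_MIN_LENGTH appears on this page;
# the other three names are assumptions made for this example.
DEFAULT_POLICY = {
    "LOCAL_PASSWORD_MIN_LENGTH": 0,
    "MIN_UPPER": 0,
    "MIN_DIGITS": 0,
    "MIN_SPECIAL": 0,
}


def check_policy(policy, max_length):
    """Merge with defaults and reject a policy that no password could satisfy."""
    policy = {**DEFAULT_POLICY, **policy}
    if any(v < 0 for v in policy.values()):
        raise ValueError("minimums must be >= 0")
    classes = policy["MIN_UPPER"] + policy["MIN_DIGITS"] + policy["MIN_SPECIAL"]
    if max(policy["LOCAL_PASSWORD_MIN_LENGTH"], classes) > max_length:
        raise ValueError("policy cannot be met within max_length")
    return policy


# max_length=128 is an assumed value; the page only reads it from the model field.
def password_errors(value, policy, max_length=128):
    """Return the rules that `value` breaks; an empty list means accepted."""
    policy = check_policy(policy, max_length)
    counts = {
        "LOCAL_PASSWORD_MIN_LENGTH": len(value),
        "MIN_UPPER": sum(c.isupper() for c in value),
        "MIN_DIGITS": sum(c.isdigit() for c in value),
        # Assumption: "special" means ASCII punctuation.
        "MIN_SPECIAL": sum(c in string.punctuation for c in value),
    }
    errors = []
    if len(value) > max_length:
        errors.append(f"max length is {max_length}")
    for rule, minimum in policy.items():
        # A minimum of 0 disables the rule ("check disabled" in the thread).
        if minimum and counts[rule] < minimum:
            errors.append(f"{rule}: need {minimum}, got {counts[rule]}")
    return errors
```

Returning every broken rule at once, rather than raising on the first, lets a form show the user all requirements in one round trip.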