fix: update password requirements #4107
Merged
✅ Deploy Preview for bloom-exygy-dev ready!
emilyjablonski added the "2 reviews needed" label (Requires 2 more review before ready to merge) on May 23, 2024
YazeedLoonat approved these changes on May 23, 2024
LGTM
YazeedLoonat added the "1 review needed" label (Requires 1 more review before ready to merge) and removed the "2 reviews needed" label on May 23, 2024
mcgarrye approved these changes on May 23, 2024
mcgarrye added the "ready to merge" label (Should be applied when a PR has been reviewed and approved) and removed the "1 review needed" label on May 23, 2024
emilyjablonski added a commit to housingbayarea/bloom that referenced this pull request on May 23, 2024
emilyjablonski added a commit to housingbayarea/bloom that referenced this pull request on May 29, 2024
emilyjablonski added a commit to metrotranscom/doorway that referenced this pull request on May 29, 2024
emilyjablonski added a commit to metrotranscom/doorway that referenced this pull request on Jun 11, 2024
Pull Request Template
Issue Overview
This PR addresses #4101
Description
We had a user in AC who was trying to change their password and was receiving "passwordTooWeak" but their password did meet our rules. After testing various secure passwords, I saw that while our regex did allow special characters, it did not allow special characters to be the first character. This is the only failure I could find in the regex but I can't guarantee it was this user's issue.
After chatting with product, as this was going to require a change to the regex anyway, we also upped the security requirements from 8 characters / one number to 12 characters / one lowercase / one uppercase / one number / one special character. This should only apply to new passwords, which can be created on the public side by creating an account, updating your password in your account settings, or resetting your password, and on the partner side by confirming an account invitation.
I kept `admin@example.com` as `abcdef` to test the flow of a user with an existing password under the old rules. All other seeded users like `jurisdiction-admin@example.com` are `Abcdef12345!`.
I also added loading states on all the forms I touched if they didn't exist because it was making it hard to test.
How Can This Be Tested/Reviewed?
`admin@example.com` and `abcdef` which should already have a currently-weak password to ensure existing users are okay
Checklist:
`yarn generate:client` and/or created a migration if I made backend changes that require them
Reviewer Notes:
Steps to review a PR:
On Merge:
If you have one commit and message, squash. If you need each message to be applied, rebase and merge.
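
An added example, not code from this PR or the project: a check for the rules listed in the description, plus a rotation test that exposes position-dependent rejections such as the leading-special-character failure. Both regexes and all function names are assumptions constructed for illustration; the project's actual regex does not appear on this page.

```javascript
// Constructed for illustration; neither pattern is the project's regex.

// Rules from the PR description: at least 12 characters with one lowercase,
// one uppercase, one number and one special character. Each requirement is
// its own lookahead anchored at ^, so none depends on character position.
const NEW_POLICY =
  /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^A-Za-z0-9]).{12,}$/;

// Hypothetical flawed variant: the consuming part forces the first character
// to be alphanumeric, so a special character is accepted anywhere except
// position 0. This reproduces the failure class, not the original bug.
const FLAWED =
  /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^A-Za-z0-9])[A-Za-z0-9].{11,}$/;

// All cyclic rotations of a password: same length and same character
// classes, but every character takes a turn in the first position.
function rotations(password) {
  const out = [];
  for (let i = 0; i < password.length; i++) {
    out.push(password.slice(i) + password.slice(0, i));
  }
  return out;
}

// A composition-only policy must give one verdict for all rotations.
// Returns the rotations a pattern rejects even though it accepts others.
function positionDependentRejects(pattern, password) {
  const verdicts = rotations(password).map((p) => ({ p, ok: pattern.test(p) }));
  const anyAccepted = verdicts.some((v) => v.ok);
  return anyAccepted ? verdicts.filter((v) => !v.ok).map((v) => v.p) : [];
}

// Seed passwords quoted in the description: one new-style, one old-style.
const SAMPLES = ["Abcdef12345!", "abcdef"];
for (const sample of SAMPLES) {
  console.log(sample, {
    meetsNewPolicy: NEW_POLICY.test(sample),
    flawedRejects: positionDependentRejects(FLAWED, sample),
    newPolicyRejects: positionDependentRejects(NEW_POLICY, sample),
  });
}
```

Running the rotation check in a unit test over a handful of compliant passwords catches this class of regex bug without enumerating special characters by hand.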