A Logic Error When the Administrator Creates New Users #17977

Closed
huiningl opened this issue Dec 14, 2021 · 0 comments · Fixed by #18005 or #18015

huiningl commented Dec 14, 2021

Gitea Version

1.15.6

Git Version

2.23.0

Operating System

windows server

How are you running Gitea?

Database

MySQL

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Description

Hi,
There is a logic error when the administrator creates new users.
If the administrator forces the new user to change the initial password before their first sign in, the new user could set a weak password, such as "11111111", in the popup window. However, I have set the PASSWORD_COMPLEXITY value in the app.ini file as "lower,upper,digit,spec", and it works when the administrator creates the new user's default password, and also when users change their password after login.
Here is a screenshot of the popup window; it might miss a complexity test of the new password : )

Screenshots

No response

@lunny lunny added the type/bug label Dec 14, 2021
zeripath added a commit to zeripath/gitea that referenced this issue Dec 16, 2021
It appears that there are several places that password length, complexity and ispwned
are not currently being checked when changing passwords. This PR adds these.

Fix go-gitea#17977

Signed-off-by: Andrew Thornton <art27@cantab.net>
lunny pushed a commit that referenced this issue Dec 17, 2021
…ing (#18005)

It appears that there are several places that password length, complexity and ispwned
are not currently being checked when changing passwords. This PR adds these.

Fix #17977

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
zeripath added a commit to zeripath/gitea that referenced this issue Dec 17, 2021
…ing (go-gitea#18005)

Backport go-gitea#18005

It appears that there are several places that password length, complexity and ispwned
are not currently being checked when changing passwords. This PR adds these.

Fix go-gitea#17977

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
zeripath added a commit that referenced this issue Dec 17, 2021
…ing (#18005) (#18015)

Backport #18005

It appears that there are several places that password length, complexity and ispwned
are not currently being checked when changing passwords. This PR adds these.

Fix #17977

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath added this to the 1.15.8 milestone Dec 20, 2021
Chianina pushed a commit to Chianina/gitea that referenced this issue Mar 28, 2022
…ing (go-gitea#18005)

It appears that there are several places that password length, complexity and ispwned
are not currently being checked when changing passwords. This PR adds these.

Fix go-gitea#17977

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
@go-gitea go-gitea locked and limited conversation to collaborators Apr 28, 2022
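
The report and the fix both come down to password-setting paths that skipped the policy check. An added example, not Gitea's code: one validator driven by a PASSWORD_COMPLEXITY-style string, with a single `SetPassword` function that every path (admin create, change after login, forced first-login change) would have to call. The names `Policy`, `Validate`, `SetPassword` and `classes`, the minimum length of 8, and the mapping of `spec` to Unicode punctuation and symbols are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode"
)

// Policy holds the configured rules; the field names are assumptions of this example.
type Policy struct {
	MinLength  int
	Complexity string // same format as PASSWORD_COMPLEXITY, e.g. "lower,upper,digit,spec"
}

var ErrTooShort, ErrTooSimple = errors.New("password too short"), errors.New("password too simple")

// classes maps each class name to its test; "spec" as punctuation/symbol is an assumption.
var classes = map[string]func(rune) bool{
	"lower": unicode.IsLower,
	"upper": unicode.IsUpper,
	"digit": unicode.IsDigit,
	"spec":  func(r rune) bool { return unicode.IsPunct(r) || unicode.IsSymbol(r) },
}

// Validate checks length, then every required class; an unknown class name fails closed.
func (p Policy) Validate(pw string) error {
	if len([]rune(pw)) < p.MinLength {
		return ErrTooShort
	}
	for _, c := range strings.Split(p.Complexity, ",") {
		if c = strings.TrimSpace(c); c != "" && (classes[c] == nil || strings.IndexFunc(pw, classes[c]) < 0) {
			return fmt.Errorf("%w: missing %q", ErrTooSimple, c)
		}
	}
	return nil
}

// SetPassword is the only route to persistence, so no handler can skip Validate.
func SetPassword(p Policy, pw string, save func(string) error) error {
	if err := p.Validate(pw); err != nil {
		return err
	}
	return save(pw)
}

func main() { // constructed input: the weak password quoted in the report
	p := Policy{MinLength: 8, Complexity: "lower,upper,digit,spec"}
	fmt.Println(SetPassword(p, "11111111", func(string) error { return nil }))
}
```

Passing the persistence step in as `save` means a new password-change handler cannot store a value without going through the same length and complexity checks as the existing ones.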