New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use strong passwords: Enforce strong password policies for user accounts, and use a secure password hashing algorithm such as bcrypt to store passwords securely. #1421

Closed

4 tasks done

Tracked by

SamuelPull opened this issue Jul 18, 2023 · 0 comments · Fixed by #1422

Assignees

Milestone

Trubudget 2.3.0

Collaborator

SamuelPull commented Jul 18, 2023 •

edited

Loading

User passwords are adequately protected, and password complexity is enforced when NODE_ENV=production.

However, validation is done only on backend, and if password is insufficiently complex, very criptic message is displayed.

Add salt if not used in hashing
Make password requirements clear
Add password complexity validation in FE (equal rules to backend validation)
Ideally, password dialog should not close after entering weak password. Better UX is to provide feedback to the user what to do to correct any deficiencies and an opportunity to enter corrected data. This should be possible with FE validation?

The text was updated successfully, but these errors were encountered:

SamuelPull mentioned this issue

Check TB based on security best practices #1337

Closed

13 tasks

SamuelPull self-assigned this

SamuelPull mentioned this issue

fe: add fe password validation when creating user #1422

Merged

6 tasks

andrea-smiesna closed this as completed in #1422

georgimld added this to the Trubudget 2.3.0 milestone

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment