Adds password validation function to dbAuth #6372
Merged
cannikin added fixture-ok (Override the test project fixture check) and removed fixture-ok labels Sep 9, 2022
github-actions bot pushed a commit that referenced this pull request Oct 5, 2022
* Adds docs for passwordValidation()
* Add passwordValidation() function to templates
* Invoke passwordValidation() function during signup
* Update docs
* Add PasswordValidationError
* export PasswordValidationError
* Update templates to use _password since var not actually used
* Adds test for passwordValidation()
* --rebuild-fixture
* Adds test for undefined passwordValidation function
jtoar pushed a commit that referenced this pull request Oct 5, 2022
Tobbe added a commit to Tobbe/redwood that referenced this pull request Oct 9, 2022
Tobbe added a commit to Tobbe/redwood that referenced this pull request Oct 9, 2022
jtoar added a commit to Tobbe/redwood that referenced this pull request Oct 10, 2022
Tobbe added a commit that referenced this pull request Oct 13, 2022
* AuthProvider: Don't type cast createAuthClient args
* AuthProvider: Get rid of unused AuthContext init params
* Provide types for web auth methods
* Minor updates after writing PR description
* AuthProvider: 'type' from authImpl
* Auth: Custom getCurrentUser
* Update more auth providers implementations
* Export auth factory methods
* Create wrapper methods to help TS with types
* SuperTokens authImplementation
* Okta authImplementation
* GoTrue authImplementation
* MagicLink authImplementation
* Firebase authImplementation
* Auth0 authImplementation
* Ethereum and AzureActiveDirectory authImplementation
* Get rid of authClients
* Export auth factories
* useAuth all over the place
* Update yarn.lock
* useNoAuth
* Relative imports
* update test-project fixture
* Make all Auth tests pass
* Fix router tests
* Better solution for tests
* No global useAuth
* Simplify types
* setup types for netlify-identity
* useListenForUpdates and clerk updates
* Update clerk integration
* auth setup: print correct ts/js file ext
* Pass through client to useAuth. Enable WebAuthn for dbAuth
* Fix ethereum authImplementation
* web side auth.ts templates
* auth setup
* More auth setup tests
* Code review fixes
* Update useNoAuth so router unit tests pass
* auth setup: Warn if we can't find RedwoodApolloProvider
* Auth handler tests
* Update README.md
* lib templates: Use currentUserRoles everywhere for better TS experience
* Clean up provider specific config that has moved to separate files
* Custom auth setup command
* Fix import order in auth templates
* netlify auth: fix package lis
* auth-providers and mocked useAuth
* auth setup: Update RedwoodApolloProvider warning message
* auth setup: Use @redwoodjs/auth-providers
* dbAuth test login
* dbAuth test logout
* Test customProviderHooks in AuthProvider
* Update test snapshots
* Updated test-project fixture
* Fix bad merge
* Update dbAuth page templates
* Update test-project codemods
* internal fixture: Update useAuth import
* Clean up MockProviders
* update test-project fixture
* Use path.sep cuz Windows
* Handle windows paths
* One more test to fix
* Mock useAuth for StoryBook
* Tweak SB config
* Smarter hasRole mock
* rbacChecks: Make it less flakey
* auth0 tests
* AzureActiveDirectory tests
* Clerk tests
* Updated yarn.lock
* Test GoTrue and Netlify
* yarn constraints fix
* Move auth api templates into api folder
* authFiles: More accurate comment
* Auth setup: Group templates by provider
* Support arbitrary files/templates
* Supertokens auth setup
* setup auth: fix api output path
* Handle existing files + ts and js projects
* fix yarn constraints
* Better support for multiple auth providers on the api side
* Start moving setup commands into provider specific folders
* Update supertokens templates
* Auth specific setup scripts
* authFiles, authTasks: Switch to TS
* Start moving setup scripts to the auth-providers package
* Tighten up Telemetry types
* rw/cli tsconfig
* @redwoodjs/cli-helpers
* Keep moving setup scripts to the auth-provider package
* Moved all auth provider setup scripts to the auth-provider package
* Update auth-helper exports. Move helper function to cli-helpers
* Re-add setup auth command
* Use cli-helpers methods in the cli package
* Setup commands happy-path working
* Use unique filenames to avoid overwriting existing files
* Restructure netlify auth
* Restructure auth-provider package
* Revert "Use cli-helpers methods in the cli package" This reverts commit 8704d6b.
* CLI keeps its methods
* cli: clean up package config
* graphql-server: fix tests and improve typing
* authFiles: Rename files -> apiSideFiles
* cli-helpers: Add test for auth setup helpers
* Start adding authDecoder to some auth setup commands
* cli project.js: Add back missing method
* Fix broken merge in cli scripts
* Make it build
* Update test project fixture
* auth-providers-setup package
* auth-providers-setup: Remove web and api folders
* auth-providers-setup: restructure package
* Try adding types to telemetry
* auth-providers-web
* auth-providers-web: Remove non-web files
* auth-providers-web: restructure
* auth setup: Fix template imports
* auth-providers: Only export api stuff
* auth-providers-web: correct package name
* auth-providers -> auth-providers-api
* Update yarn.lock
* Update auth-providers import
* Make all tests pass
* Update test project fixture
* Fix package imports
* Fix imports and update test-project fixture
* Pass auth-provider type to auth decoders
* auth decoders: Use Decoder type
* Netlify setup: Temporarily disable rw auth package installation
* strict mode
* Fix broken merge
* Fix package deps
* Tweak regexps to fix code scanning issues
* Atomic group regex
* One more atomic group regex
* yarn constraints fix
* Revert "yarn constraints fix" This reverts commit 7d463a2.
* manual yarn constraints fix
* More manual version updates
* Don't use caret versions
* update lockfile
* Fix lint warnings
* Remove DMMF import
* Update snapshots
* Use node14 compatible syntax
* Fix api side auth imports
* Fix yarn.lock
* Update regex
* Tweak regex
* Avoid red squiggles in generated code
* Updated test fixture
* Export Decoded
* dbAuth template types
* Update test-project fixture
* Add jsonwebtoken to auth-providers-api deps
* auth-providers-api: Update jest config
* auth-providers-api: Add azureAD tests
* Update azureAD test and decoder
* auth-providers-api: test clerk
* auth-providers-api ethereum tests
* auth-providers-api: firebase tests
* use default req in tests
* auth-providers-api: goTrue tests
* auth-providers-api: netlify tests
* Test magicLink
* Test nhost decoder
* test okta decoder
* okta tests: Better types
* test supabase decode
* supertokens decoder tests
* Duplicate mock req to make tests standalone
* auth-providers-web: ethereum and firebase tests
* fix: resolve firebase/auth and deps to commonjs
* Fix firebase tests
* Type-tweak to firebase test
* test magicLink
* auth-providers-web: test nhost
* okta tests
* Test supabase and supertokens
* Add usage warning and prompt to auth setup
* Fix merge resolutions
* Fix package versions
* Allow bypassing auth setup prompt (for CI)
* auth docs: custom auth
* Temporary fix for dbauth webauthn
* Update packages/cli/src/commands/__tests__/test.test.js Co-authored-by: Dominic Saadi <dominiceliassaadi@gmail.com>
* Review comment fixes. Biggest one is switching to listr2 in cli-helpers
* Revert unneeded change
* Add changes from #6372
* Fix clerk auth build error
* Fix #6372 implementation
* Add missing auth decoder exports
* Update auth imports
* Add firebase anon auth
* cli-helpers: listr2 dep, and test fixes
* auth2
* dbAuth passwordValidation
* Minimize changes to packages/api
* Minimize changes to packages/auth
* Fix bad merge
* Move to @rwjs/auth instead of auth2
* Fix cli-helpers test
* auth2 -> auth fixes
Co-authored-by: Dominic Saadi <dominiceliassaadi@gmail.com>
Closes #6237
Release Notes
If you're using dbAuth you can now validate a user's password on the server at signup, checking for length, randomness, etc. Along with signup.handler() you can now define signup.passwordValidation() in api/src/functions/auth.js:

In a newly set up instance of dbAuth, this function will simply return true, meaning that any password would be considered valid (the same as the previous behavior).

For the best user experience you want to check for these same things on the web-side, to avoid a round trip to the server just to see an error message, but having the check on the server is essential for security.
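
One possible signup.passwordValidation() covering the length and randomness checks the release notes mention, as an added example that is not code from this PR or from Redwood. The thresholds, the deny list, entropyPerChar and checkSignupPassword are assumptions made here, and PasswordValidationError is a local stand-in for the class the PR exports.

```javascript
// Local stand-in so the block runs without Redwood installed; the PR adds and
// exports a PasswordValidationError class for this purpose.
class PasswordValidationError extends Error {}

// Constructed sample deny list; a real one would be far larger.
const COMMON_PASSWORDS = new Set(['password123', 'qwertyuiop', '1234567890'])
const MIN_LENGTH = 10 // assumed policy value
const MAX_LENGTH = 128 // assumed cap, bounds the cost of hashing the input
const MIN_ENTROPY_BITS = 2.5 // assumed per-character threshold

// Shannon entropy per character: a cheap proxy for the "randomness" check.
function entropyPerChar(chars) {
  const counts = new Map()
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1)
  let bits = 0
  for (const c of counts.values()) {
    bits -= (c / chars.length) * Math.log2(c / chars.length)
  }
  return bits
}

// Returns true to accept (as on the page); rejects by throwing the error class.
function passwordValidation(password) {
  if (typeof password !== 'string') {
    throw new PasswordValidationError('Password is required')
  }
  const chars = [...password] // count code points, not UTF-16 units
  if (chars.length < MIN_LENGTH) {
    throw new PasswordValidationError(`Password must be at least ${MIN_LENGTH} characters`)
  }
  if (chars.length > MAX_LENGTH) {
    throw new PasswordValidationError(`Password must be at most ${MAX_LENGTH} characters`)
  }
  if (COMMON_PASSWORDS.has(password.toLowerCase())) {
    throw new PasswordValidationError('Password is too common')
  }
  if (entropyPerChar(chars) < MIN_ENTROPY_BITS) {
    throw new PasswordValidationError('Password is too repetitive')
  }
  return true
}

// Hypothetical handler-side sketch: an undefined function keeps the old behaviour.
function checkSignupPassword(signupOptions, password) {
  const validate = signupOptions.passwordValidation
  return typeof validate === 'function' ? validate(password) : true
}
```

The same function body can be reused on the web side for fast feedback, with the server-side call remaining the one that decides.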