feat(password) EE-2690 enforce strong password policy (#6751)

* feat(password) EE-2690 enforce strong password policy * feat(password) EE-2690 disable create user button if password is not valid * feat(password) EE-2690 show force password change warning only when week password is detected * feat(password) EE-2690 prevent users leave account page by clicking add access token button Co-authored-by: Simon Meng <simon.meng@portainer.io>
2025-07-23 07:19:41 +02:00 · 2022-04-14 13:45:54 +12:00 · 2022-04-14 13:45:54 +12:00 · 85ad4e334a
commit 85ad4e334a
parent 9ebc963082
26 changed files with 331 additions and 41 deletions
--- a/api/internal/passwordutils/strengthCheck_test.go
+++ b/api/internal/passwordutils/strengthCheck_test.go
@ -0,0 +1,31 @@
+package passwordutils
+
+import "testing"
+
+func TestStrengthCheck(t *testing.T) {
+	type args struct {
+		password string
+	}
+	tests := []struct {
+		name       string
+		args       args
+		wantStrong bool
+	}{
+		{"Empty password", args{""}, false},
+		{"Short password", args{"portainer"}, false},
+		{"Short password", args{"portaienr!@#"}, false},
+		{"Week password", args{"12345678!@#"}, false},
+		{"Week password", args{"portaienr123"}, false},
+		{"Good password", args{"Portainer123"}, true},
+		{"Good password", args{"Portainer___"}, true},
+		{"Good password", args{"^portainer12"}, true},
+		{"Good password", args{"12%PORTAINER"}, true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if gotStrong := StrengthCheck(tt.args.password); gotStrong != tt.wantStrong {
+				t.Errorf("StrengthCheck() = %v, want %v", gotStrong, tt.wantStrong)
+			}
+		})
+	}
+}