feat(password) EE-2690 enforce strong password policy (#6751)

* feat(password) EE-2690 enforce strong password policy * feat(password) EE-2690 disable create user button if password is not valid * feat(password) EE-2690 show force password change warning only when week password is detected * feat(password) EE-2690 prevent users leave account page by clicking add access token button Co-authored-by: Simon Meng <simon.meng@portainer.io>
2025-07-24 07:49:41 +02:00 · 2022-04-14 13:45:54 +12:00 · 2022-04-14 13:45:54 +12:00 · 85ad4e334a
commit 85ad4e334a
parent 9ebc963082
26 changed files with 331 additions and 41 deletions
--- a/api/jwt/jwt.go
+++ b/api/jwt/jwt.go
@ -22,10 +22,11 @@ type Service struct {
 }

 type claims struct {
-	UserID   int    `json:"id"`
-	Username string `json:"username"`
-	Role     int    `json:"role"`
-	Scope    scope  `json:"scope"`
+	UserID              int    `json:"id"`
+	Username            string `json:"username"`
+	Role                int    `json:"role"`
+	Scope               scope  `json:"scope"`
+	ForceChangePassword bool   `json:"forceChangePassword"`
 	jwt.StandardClaims
 }

@ -164,10 +165,11 @@ func (service *Service) generateSignedToken(data *portainer.TokenData, expiresAt
 	}

 	cl := claims{
-		UserID:   int(data.ID),
-		Username: data.Username,
-		Role:     int(data.Role),
-		Scope:    scope,
+		UserID:              int(data.ID),
+		Username:            data.Username,
+		Role:                int(data.Role),
+		Scope:               scope,
+		ForceChangePassword: data.ForceChangePassword,
 		StandardClaims: jwt.StandardClaims{
 			ExpiresAt: expiresAt,
 			IssuedAt:  time.Now().Unix(),