feat(internal-auth): ability to set minimum password length [EE-3175] (#6942)

* feat(internal-auth): ability to set minimum password length [EE-3175] * pass props to react component * fixes + WIP slider * fix slider updating + add styles * remove nested ternary * fix slider updating + add remind me later button * add length to settings + value & onchange method * finish my account view * fix slider updating * slider styles * update style * move slider in * update size of slider * allow admin to browse to authentication view * use feather icons instead of font awesome * feat(settings): add colors to password rules * clean up tooltip styles * more style changes * styles * fixes + use requiredLength in password field for icon logic * simplify logic * simplify slider logic and remove debug code * use required length for logic to display pwd length warning * fix slider styles * use requiredPasswordLength to determine if password is valid * style tooltip based on theme * reset skips when password is changed * misc cleanup * reset skips when required length is changed * fix formatting * fix issues * implement some suggestions * simplify logic * update broken test * pick min password length from DB * fix suggestions * set up min password length in the DB * fix test after migration * fix formatting issue * fix bug with icon * refactored migration * fix typo * fixes * fix logic * set skips per user * reset skips for all users on length change Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com> Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
2025-07-23 15:29:42 +02:00 · 2022-06-03 16:00:13 +12:00 · 2022-06-03 16:00:13 +12:00 · bca1c6b9cf
commit bca1c6b9cf
parent 4195d93a16
52 changed files with 2486 additions and 2065 deletions
--- a/api/http/security/passwordStrengthCheck.go
+++ b/api/http/security/passwordStrengthCheck.go
@ -0,0 +1,35 @@
+package security
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/sirupsen/logrus"
+)
+
+type PasswordStrengthChecker interface {
+	Check(password string) bool
+}
+
+type passwordStrengthChecker struct {
+	settings settingsService
+}
+
+func NewPasswordStrengthChecker(settings settingsService) *passwordStrengthChecker {
+	return &passwordStrengthChecker{
+		settings: settings,
+	}
+}
+
+// Check returns true if the password is strong enough
+func (c *passwordStrengthChecker) Check(password string) bool {
+	s, err := c.settings.Settings()
+	if err != nil {
+		logrus.WithError(err).Warn("failed to fetch Portainer settings to validate user password")
+		return true
+	}
+
+	return len(password) >= s.InternalAuthSettings.RequiredPasswordLength
+}
+
+type settingsService interface {
+	Settings() (*portainer.Settings, error)
+}