-
Notifications
You must be signed in to change notification settings - Fork 333
[SQSERVICES-1931] wire server allow backend to enforce stronger password restrictions when setting a password #3137
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from 4 commits
9bb0151
a0aff3f
c31a899
7d5468e
51c4fa7
29f4602
1731b48
b2adfe0
fca8388
fe632a7
369e1ec
becc36e
8abfe18
3766cbd
952b67f
25400f5
55ccf1c
c21f8e3
82f4d8f
5ba26cc
1f3da62
91b315e
7231764
2127ded
01838ca
974cd63
4d69dc0
c2c94c5
613919b
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| Enforce a minimum length of 8 characters when setting a new password |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -50,7 +50,15 @@ module Data.Misc | |
| Rsa, | ||
|
|
||
| -- * PlainTextPassword | ||
| PlainTextPassword (..), | ||
| PlainTextPassword' (..), | ||
| PlainTextPassword, | ||
| PlainTextPasswordMinLength8, | ||
| plainTextPasswordLegacy, | ||
| plainTextPassword, | ||
| fromPlainTextPassword, | ||
| plainTextPasswordUnsafe, | ||
| plainTextPasswordLegacyUnsafe, | ||
| toLegacy, | ||
|
|
||
| -- * Typesafe FUTUREWORKS | ||
| FutureWork (..), | ||
|
|
@@ -75,6 +83,7 @@ import Data.String.Conversions (cs) | |
| import qualified Data.Swagger as S | ||
| import qualified Data.Text as Text | ||
| import Data.Text.Encoding (decodeUtf8, encodeUtf8) | ||
| import GHC.TypeLits (Nat) | ||
| import Imports | ||
| import Servant (FromHttpApiData (..)) | ||
| import Test.QuickCheck (Arbitrary (arbitrary), chooseInteger) | ||
|
|
@@ -338,23 +347,54 @@ instance Arbitrary (Fingerprint Rsa) where | |
| -------------------------------------------------------------------------------- | ||
| -- Password | ||
|
|
||
| newtype PlainTextPassword = PlainTextPassword | ||
| {fromPlainTextPassword :: Text} | ||
| type PlainTextPassword = PlainTextPassword' (6 :: Nat) | ||
|
|
||
| type PlainTextPasswordMinLength8 = PlainTextPassword' (8 :: Nat) | ||
|
|
||
| plainTextPasswordLegacy :: Text -> Maybe PlainTextPassword | ||
| plainTextPasswordLegacy = fmap PlainTextPassword' . checked | ||
|
|
||
| plainTextPasswordLegacyUnsafe :: Text -> PlainTextPassword | ||
| plainTextPasswordLegacyUnsafe = PlainTextPassword' . unsafeRange | ||
|
|
||
| plainTextPassword :: Text -> Maybe PlainTextPasswordMinLength8 | ||
| plainTextPassword = fmap PlainTextPassword' . checked | ||
|
|
||
| plainTextPasswordUnsafe :: Text -> PlainTextPasswordMinLength8 | ||
| plainTextPasswordUnsafe = PlainTextPassword' . unsafeRange | ||
|
|
||
| fromPlainTextPassword :: PlainTextPassword' t -> Text | ||
| fromPlainTextPassword = fromRange . fromPlainTextPassword' | ||
|
|
||
| -- | Convert a 'PlainTextPasswordMinLength8' to a legacy 'PlainTextPassword'. | ||
| toLegacy :: PlainTextPasswordMinLength8 -> PlainTextPassword | ||
| toLegacy = PlainTextPassword' . unsafeRange . fromPlainTextPassword | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It's fine to use |
||
|
|
||
| newtype PlainTextPassword' (minLen :: Nat) = PlainTextPassword' | ||
| {fromPlainTextPassword' :: Range minLen (1024 :: Nat) Text} | ||
| deriving stock (Eq, Generic) | ||
| deriving (FromJSON, ToJSON, S.ToSchema) via Schema PlainTextPassword | ||
|
|
||
| instance Show PlainTextPassword where | ||
| show _ = "PlainTextPassword <hidden>" | ||
| deriving via (Schema (PlainTextPassword' tag)) instance ToSchema (PlainTextPassword' tag) => FromJSON (PlainTextPassword' tag) | ||
|
|
||
| instance ToSchema PlainTextPassword where | ||
| schema = | ||
| PlainTextPassword | ||
| <$> fromPlainTextPassword | ||
| .= untypedRangedSchema 6 1024 schema | ||
| deriving via (Schema (PlainTextPassword' tag)) instance ToSchema (PlainTextPassword' tag) => ToJSON (PlainTextPassword' tag) | ||
|
|
||
| deriving via (Schema (PlainTextPassword' tag)) instance ToSchema (PlainTextPassword' tag) => S.ToSchema (PlainTextPassword' tag) | ||
|
|
||
| instance Show (PlainTextPassword' minLen) where | ||
| show _ = "PlainTextPassword' <hidden>" | ||
|
|
||
| instance ToSchema (PlainTextPassword' (6 :: Nat)) where | ||
| schema = PlainTextPassword' <$> fromPlainTextPassword' .= schema | ||
|
|
||
| instance ToSchema (PlainTextPassword' (8 :: Nat)) where | ||
| schema = PlainTextPassword' <$> fromPlainTextPassword' .= schema | ||
|
|
||
| instance Arbitrary (PlainTextPassword' (6 :: Nat)) where | ||
| arbitrary = PlainTextPassword' <$> arbitrary | ||
|
|
||
| instance Arbitrary PlainTextPassword where | ||
| instance Arbitrary (PlainTextPassword' (8 :: Nat)) where | ||
| -- TODO: why 6..1024? For tests we might want invalid passwords as well, e.g. 3 chars | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This |
||
| arbitrary = PlainTextPassword . fromRange <$> genRangeText @6 @1024 arbitrary | ||
| arbitrary = PlainTextPassword' <$> arbitrary | ||
|
|
||
| -- | Usage: | ||
| -- 1. Use this type in patterns to mark FUTUREWORKS. | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The old passwords should have the more awkward name, the passwords we really want to deal with everywhere the simpler name.