rework disabling the password policy
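--- /dev/null
+++ b/changelog/unreleased/disabled-password-policy-rework.md
@@ -0,0 +1,7 @@
+Enhancement: Disable the password policy
+
+We reworked and moved disabling the password policy logic from the reva to the ocis.
+
+https://github.com/owncloud/ocis/pull/8152
+https://github.com/cs3org/reva/pull/4453
+https://github.com/owncloud/ocis/issues/7916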
@@ -75,6 +75,8 @@ When setting the `FRONTEND_AUTO_ACCEPT_SHARES` to `true`, all incoming shares wi
|
||||
|
||||
Note that the password policy currently impacts only **public link password validation**.
|
||||
|
||||
In Infinite Scale, the password policy is always enabled because the max-length restriction is always applying and should be taken into account by the clients.
|
||||
|
||||
With the password policy, mandatory criteria for the password can be defined via the environment variables listed below.
|
||||
|
||||
Generally, a password can contain any UTF-8 characters, however some characters are regarded as special since they are not used in ordinary texts. Which characters should be treated as special is defined by "The OWASP® Foundation" [password-special-characters](https://owasp.org/www-community/password-special-characters) (between double quotes): " !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~"
|
||||
|
||||
@@ -25,14 +25,10 @@ func FrontendConfigFromStruct(cfg *config.Config, logger log.Logger) (map[string
|
||||
webURL.Path = path.Join(webURL.Path, "external")
|
||||
webOpenInAppURL := webURL.String()
|
||||
|
||||
var bannedPasswordsList map[string]struct{}
|
||||
if cfg.PasswordPolicy.BannedPasswordsList != "" {
|
||||
bannedPasswordsList, err = readMultilineFile(cfg.PasswordPolicy.BannedPasswordsList)
|
||||
if err != nil {
|
||||
err = fmt.Errorf("failed to load the banned passwords from a file %s: %w", cfg.PasswordPolicy.BannedPasswordsList, err)
|
||||
logger.Err(err).Send()
|
||||
return nil, err
|
||||
}
|
||||
passwordPolicyCfg, err := passwordPolicyConfig(cfg)
|
||||
if err != nil {
|
||||
logger.Err(err).Send()
|
||||
return nil, err
|
||||
}
|
||||
|
||||
archivers := []map[string]interface{}{
|
||||
@@ -327,16 +323,7 @@ func FrontendConfigFromStruct(cfg *config.Config, logger log.Logger) (map[string
|
||||
},
|
||||
},
|
||||
},
|
||||
"password_policy": map[string]interface{}{
|
||||
"max_characters": 72,
|
||||
"disabled": cfg.PasswordPolicy.Disabled,
|
||||
"min_characters": cfg.PasswordPolicy.MinCharacters,
|
||||
"min_lowercase_characters": cfg.PasswordPolicy.MinLowerCaseCharacters,
|
||||
"min_uppercase_characters": cfg.PasswordPolicy.MinUpperCaseCharacters,
|
||||
"min_digits": cfg.PasswordPolicy.MinDigits,
|
||||
"min_special_characters": cfg.PasswordPolicy.MinSpecialCharacters,
|
||||
"banned_passwords_list": bannedPasswordsList,
|
||||
},
|
||||
"password_policy": passwordPolicyCfg,
|
||||
"notifications": map[string]interface{}{
|
||||
"endpoints": []string{"list", "get", "delete"},
|
||||
},
|
||||
@@ -385,3 +372,30 @@ func fileExists(path string) bool {
|
||||
}
|
||||
return !info.IsDir()
|
||||
}
|
||||
|
||||
func passwordPolicyConfig(cfg *config.Config) (map[string]interface{}, error) {
|
||||
_maxCharacters := 72
|
||||
if cfg.PasswordPolicy.Disabled {
|
||||
return map[string]interface{}{
|
||||
"max_characters": _maxCharacters,
|
||||
"banned_passwords_list": nil,
|
||||
}, nil
|
||||
}
|
||||
var bannedPasswordsList map[string]struct{}
|
||||
var err error
|
||||
if cfg.PasswordPolicy.BannedPasswordsList != "" {
|
||||
bannedPasswordsList, err = readMultilineFile(cfg.PasswordPolicy.BannedPasswordsList)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to load the banned passwords from a file %s: %w", cfg.PasswordPolicy.BannedPasswordsList, err)
|
||||
}
|
||||
}
|
||||
return map[string]interface{}{
|
||||
"max_characters": _maxCharacters,
|
||||
"min_digits": cfg.PasswordPolicy.MinDigits,
|
||||
"min_characters": cfg.PasswordPolicy.MinCharacters,
|
||||
"min_lowercase_characters": cfg.PasswordPolicy.MinLowerCaseCharacters,
|
||||
"min_uppercase_characters": cfg.PasswordPolicy.MinUpperCaseCharacters,
|
||||
"min_special_characters": cfg.PasswordPolicy.MinSpecialCharacters,
|
||||
"banned_passwords_list": bannedPasswordsList,
|
||||
}, nil
|
||||
}
|
||||
|
||||
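Review bot: The `cfg.PasswordPolicy.Disabled` branch of `passwordPolicyConfig` returns only `max_characters` and a nil `banned_passwords_list`, so turning the policy off also drops the banned-password list and never reads the configured file, and neither this function nor the caller's hunk at the top of the section records that. Since the README hunk says the policy governs public link password validation, a start-up warning would make the weakened state visible to operators and in logs, e.g. in `FrontendConfigFromStruct` after the error check: `if cfg.PasswordPolicy.Disabled { logger.Warn().Msg("password policy disabled: only max_characters is enforced") }` (assuming the logger exposes a warn level alongside `Err`). The helper also lacks a doc comment; something like `// passwordPolicyConfig builds the reva password_policy map; when the policy is disabled only max_characters is set.` would do. The same applies to the identical function added by the `@@ -185,3 +172,30 @@` hunk in the next file.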
@@ -14,15 +14,10 @@ import (
|
||||
|
||||
// SharingConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
|
||||
func SharingConfigFromStruct(cfg *config.Config, logger log.Logger) (map[string]interface{}, error) {
|
||||
var bannedPasswordsList map[string]struct{}
|
||||
var err error
|
||||
if cfg.PasswordPolicy.BannedPasswordsList != "" {
|
||||
bannedPasswordsList, err = readMultilineFile(cfg.PasswordPolicy.BannedPasswordsList)
|
||||
if err != nil {
|
||||
err = fmt.Errorf("failed to load the banned passwords from a file %s: %w", cfg.PasswordPolicy.BannedPasswordsList, err)
|
||||
logger.Err(err).Send()
|
||||
return nil, err
|
||||
}
|
||||
passwordPolicyCfg, err := passwordPolicyConfig(cfg)
|
||||
if err != nil {
|
||||
logger.Err(err).Send()
|
||||
return nil, err
|
||||
}
|
||||
rcfg := map[string]interface{}{
|
||||
"shared": map[string]interface{}{
|
||||
@@ -94,16 +89,8 @@ func SharingConfigFromStruct(cfg *config.Config, logger log.Logger) (map[string]
|
||||
"gateway_addr": cfg.Reva.Address,
|
||||
"writeable_share_must_have_password": cfg.WriteableShareMustHavePassword,
|
||||
"public_share_must_have_password": cfg.PublicShareMustHavePassword,
|
||||
"password_policy": map[string]interface{}{
|
||||
"disabled": cfg.PasswordPolicy.Disabled,
|
||||
"min_digits": cfg.PasswordPolicy.MinDigits,
|
||||
"min_characters": cfg.PasswordPolicy.MinCharacters,
|
||||
"min_lowercase_characters": cfg.PasswordPolicy.MinLowerCaseCharacters,
|
||||
"min_uppercase_characters": cfg.PasswordPolicy.MinUpperCaseCharacters,
|
||||
"min_special_characters": cfg.PasswordPolicy.MinSpecialCharacters,
|
||||
"banned_passwords_list": bannedPasswordsList,
|
||||
},
|
||||
"driver": cfg.PublicSharingDriver,
|
||||
"password_policy": passwordPolicyCfg,
|
||||
"driver": cfg.PublicSharingDriver,
|
||||
"drivers": map[string]interface{}{
|
||||
"json": map[string]interface{}{
|
||||
"file": cfg.PublicSharingDrivers.JSON.File,
|
||||
@@ -185,3 +172,30 @@ func fileExists(path string) bool {
|
||||
}
|
||||
return !info.IsDir()
|
||||
}
|
||||
|
||||
func passwordPolicyConfig(cfg *config.Config) (map[string]interface{}, error) {
|
||||
_maxCharacters := 72
|
||||
if cfg.PasswordPolicy.Disabled {
|
||||
return map[string]interface{}{
|
||||
"max_characters": _maxCharacters,
|
||||
"banned_passwords_list": nil,
|
||||
}, nil
|
||||
}
|
||||
var bannedPasswordsList map[string]struct{}
|
||||
var err error
|
||||
if cfg.PasswordPolicy.BannedPasswordsList != "" {
|
||||
bannedPasswordsList, err = readMultilineFile(cfg.PasswordPolicy.BannedPasswordsList)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to load the banned passwords from a file %s: %w", cfg.PasswordPolicy.BannedPasswordsList, err)
|
||||
}
|
||||
}
|
||||
return map[string]interface{}{
|
||||
"max_characters": _maxCharacters,
|
||||
"min_digits": cfg.PasswordPolicy.MinDigits,
|
||||
"min_characters": cfg.PasswordPolicy.MinCharacters,
|
||||
"min_lowercase_characters": cfg.PasswordPolicy.MinLowerCaseCharacters,
|
||||
"min_uppercase_characters": cfg.PasswordPolicy.MinUpperCaseCharacters,
|
||||
"min_special_characters": cfg.PasswordPolicy.MinSpecialCharacters,
|
||||
"banned_passwords_list": bannedPasswordsList,
|
||||
}, nil
|
||||
}
|
||||
|
||||
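Review bot: `passwordPolicyConfig` here is a line-for-line copy of the function added in the previous file, so each service builds the policy from its own copy and a later change to one (a new key, a different limit) can leave them disagreeing about which passwords are acceptable. Moving it into a package that both revaconfig files already import, if one exists, would keep a single source of truth for the policy. Independently, `_maxCharacters := 72` is better as a named constant with the reason for 72 stated, e.g. `const maxPasswordCharacters = 72 // upper bound sent as max_characters even when the policy is disabled`; the leading underscore is not Go naming style.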