
Added minimum password length requirements.

Teknikode 4 months ago
parent
commit
97071c47c5

+ 2
- 0
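--- a/Configuration/UserConfig.cs
+++ b/Configuration/UserConfig.cs
@@ -9,6 +9,7 @@ namespace Teknik.Configuration
         public string UsernameFilterLabel { get; set; }
         public int MinUsernameLength { get; set; }
         public int MaxUsernameLength { get; set; }
+        public int MinPasswordLength { get; set; }
         public string ReservedUsernameDefinitionFile { get; set; }
         public decimal PremiumAccountPrice { get; set; }
         public string PaymentType { get; set; } 
@@ -24,6 +25,7 @@ namespace Teknik.Configuration
             UsernameFilterLabel = "AlphaNumeric Characters with Dashes, Underlines, and 0-1 Periods not in the beginning or end.";
             MinUsernameLength = 1;
             MaxUsernameLength = 35;
+            MinPasswordLength = 2;
             ReservedUsernameDefinitionFile = string.Empty;
             PremiumAccountPrice = 0;
             PaymentType = "Donation";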
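Review bot: The default `MinPasswordLength = 2;` in the constructor is too low to act as a password policy, because any deployment that does not override it will accept two-character passwords. A default of at least 8, the NIST SP 800-63B floor for user-chosen secrets, would make the out-of-the-box behaviour the safe one: `MinPasswordLength = 8;`. The property is also a plain `int` with no lower bound, so a zero or negative value in the configuration silently disables the length check; a comment on the property saying so, or clamping the value when the config is loaded, would help. The class and its constructor both start and end outside the hunks.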

+ 17
- 0
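--- a/Teknik/Areas/User/Controllers/UserController.cs
+++ b/Teknik/Areas/User/Controllers/UserController.cs
@@ -142,6 +142,16 @@ namespace Teknik.Areas.Users.Controllers
                         model.Error = true;
                         model.ErrorMessage = "That username is not available";
                     }
+                    if (!model.Error && string.IsNullOrEmpty(model.Password))
+                    {
+                        model.Error = true;
+                        model.ErrorMessage = "You must enter a password";
+                    }
+                    if (!model.Error && model.Password.Length < _config.UserConfig.MinPasswordLength)
+                    {
+                        model.Error = true;
+                        model.ErrorMessage = $"Password must be at least {_config.UserConfig.MinPasswordLength} characters long";
+                    }
                     if (!model.Error && model.Password != model.ConfirmPassword)
                     {
                         model.Error = true;
@@ -707,6 +717,9 @@ namespace Teknik.Areas.Users.Controllers
                         // Old Password Valid?
                         if (!(await UserHelper.UserPasswordCorrect(_config, user.Username, settings.CurrentPassword)))
                             return Json(new { error = "Invalid Original Password" });
+                        // Does the new password meet the length requirement?
+                        if (settings.NewPassword.Length < _config.UserConfig.MinPasswordLength)
+                            return Json(new { error = $"New Password must be at least {_config.UserConfig.MinPasswordLength} characters long" });
                         // The New Password Match?
                         if (settings.NewPassword != settings.NewPasswordConfirm)
                             return Json(new { error = "New Password must match confirmation" });
@@ -900,6 +913,10 @@ namespace Teknik.Areas.Users.Controllers
                             {
                                 return Json(new { error = "Password must not be empty" });
                             }
+                            if (passwordViewModel.Password.Length < _config.UserConfig.MinPasswordLength)
+                            {
+                                return Json(new { error = $"Password must be at least {_config.UserConfig.MinPasswordLength} characters long" });
+                            }
                             if (passwordViewModel.Password != passwordViewModel.PasswordConfirm)
                             {
                                 return Json(new { error = "Passwords must match" });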
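Review bot: In the password-change hunk (the second one), `settings.NewPassword.Length` is read with no visible null check, so a request that omits the new-password field would throw a NullReferenceException and surface as a server error rather than a validation message, unless a guard exists above the hunk. The registration hunk tests `string.IsNullOrEmpty(model.Password)` first and the reset hunk follows a "Password must not be empty" check; the matching guard here would be `if (string.IsNullOrEmpty(settings.NewPassword) || settings.NewPassword.Length < _config.UserConfig.MinPasswordLength)`. The three checks also restate the same rule with three different messages, so a single helper called from all three actions would keep the policy from drifting when it is next tightened. All three enclosing actions start and end outside the hunks.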

+ 2
- 1
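--- a/Teknik/Middleware/CSPMiddleware.cs
+++ b/Teknik/Middleware/CSPMiddleware.cs
@@ -53,7 +53,8 @@ namespace Teknik.Middleware
                     "worker-src blob: mediastream: {0}; " +
                     "form-action {0}; " +
                     "base-uri {0}; " +
-                    "frame-ancestors {0};", 
+                    "frame-ancestors {0}; " +
+                    "object-src {0};",
                     allowedDomain, 
                     httpContext.Items[Constants.NONCE_KEY]));
             }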
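Review bot: The added `"object-src {0};"` permits plugin content from `allowedDomain` instead of blocking it; if nothing on the site is served through `<object>` or `<embed>`, `"object-src 'none';",` is the stricter setting and removes plugin content as a script-execution path altogether. If embeds from the allowed domain are required (this cannot be determined from the hunk), a comment beside the directive naming the feature that depends on it would make the exception explicit. The format call that builds the header starts outside the hunk.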
