Browse Source

Added minimum password length requirements.

master
Teknikode 6 months ago
parent
commit
97071c47c5

+ 2
- 0
Configuration/UserConfig.cs View File

@@ -9,6 +9,7 @@ namespace Teknik.Configuration
public string UsernameFilterLabel { get; set; }
public int MinUsernameLength { get; set; }
public int MaxUsernameLength { get; set; }
public int MinPasswordLength { get; set; }
public string ReservedUsernameDefinitionFile { get; set; }
public decimal PremiumAccountPrice { get; set; }
public string PaymentType { get; set; }
@@ -24,6 +25,7 @@ namespace Teknik.Configuration
UsernameFilterLabel = "AlphaNumeric Characters with Dashes, Underlines, and 0-1 Periods not in the beginning or end.";
MinUsernameLength = 1;
MaxUsernameLength = 35;
MinPasswordLength = 2;
ReservedUsernameDefinitionFile = string.Empty;
PremiumAccountPrice = 0;
PaymentType = "Donation";

+ 17
- 0
Teknik/Areas/User/Controllers/UserController.cs View File

@@ -142,6 +142,16 @@ namespace Teknik.Areas.Users.Controllers
model.Error = true;
model.ErrorMessage = "That username is not available";
}
if (!model.Error && string.IsNullOrEmpty(model.Password))
{
model.Error = true;
model.ErrorMessage = "You must enter a password";
}
if (!model.Error && model.Password.Length < _config.UserConfig.MinPasswordLength)
{
model.Error = true;
model.ErrorMessage = $"Password must be at least {_config.UserConfig.MinPasswordLength} characters long";
}
if (!model.Error && model.Password != model.ConfirmPassword)
{
model.Error = true;
@@ -707,6 +717,9 @@ namespace Teknik.Areas.Users.Controllers
// Old Password Valid?
if (!(await UserHelper.UserPasswordCorrect(_config, user.Username, settings.CurrentPassword)))
return Json(new { error = "Invalid Original Password" });
// Does the new password meet the length requirement?
if (settings.NewPassword.Length < _config.UserConfig.MinPasswordLength)
return Json(new { error = $"New Password must be at least {_config.UserConfig.MinPasswordLength} characters long" });
// The New Password Match?
if (settings.NewPassword != settings.NewPasswordConfirm)
return Json(new { error = "New Password must match confirmation" });
@@ -900,6 +913,10 @@ namespace Teknik.Areas.Users.Controllers
{
return Json(new { error = "Password must not be empty" });
}
if (passwordViewModel.Password.Length < _config.UserConfig.MinPasswordLength)
{
return Json(new { error = $"Password must be at least {_config.UserConfig.MinPasswordLength} characters long" });
}
if (passwordViewModel.Password != passwordViewModel.PasswordConfirm)
{
return Json(new { error = "Passwords must match" });

+ 2
- 1
Teknik/Middleware/CSPMiddleware.cs View File

@@ -53,7 +53,8 @@ namespace Teknik.Middleware
"worker-src blob: mediastream: {0}; " +
"form-action {0}; " +
"base-uri {0}; " +
"frame-ancestors {0};",
"frame-ancestors {0}; " +
"object-src {0};",
allowedDomain,
httpContext.Items[Constants.NONCE_KEY]));
}

Loading…
Cancel
Save