TeskaLabs / seacat-auth

SeaCat Auth provides authentication, authorization, identity management, session management and other access control features.
GNU General Public License v3.0

Configurable basic password requirements #372

Closed byewokko closed 4 months ago

byewokko commented 5 months ago

Summary

Introducing configurable minimum requirements for user passwords.

This is the default config:

[seacatauth:password]
min_length=10
max_length=64
min_lowercase_count=1
min_uppercase_count=1
min_digit_count=1
min_special_count=1

The requirements are available at GET /public/password/policy and GET /account/password/policy. Example response:

{
    "min_length": 10,
    "min_lowercase_count": 1,
    "min_uppercase_count": 1,
    "min_digit_count": 1,
    "min_special_count": 1
}

This endpoint should be used by the UI to give the user relevant hints on password strength.

Compatibility

Dynamic password requirements are supported by
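
One way a UI could turn the policy response described in this pull request into per-requirement hints, as an added example that is not part of the pull request or of seacat-auth's own code. The function name `unmetRequirements`, the sample passwords and the character classes (in particular what counts as "special") are assumptions.

```javascript
// Added example, not seacat-auth code. Policy keys come from the response
// shown in the pull request; everything else here is an assumption.

// Assumed character classes. The server may classify characters differently,
// especially for "special".
const CLASSES = {
  min_lowercase_count: /\p{Ll}/gu,
  min_uppercase_count: /\p{Lu}/gu,
  min_digit_count: /\p{Nd}/gu,
  min_special_count: /[^\p{L}\p{N}]/gu, // anything that is not a letter or digit
};

// Constructed sample: the example response from the pull request (no max_length).
const SAMPLE_POLICY = {
  min_length: 10,
  min_lowercase_count: 1,
  min_uppercase_count: 1,
  min_digit_count: 1,
  min_special_count: 1,
};

// Returns one {key, required, actual} entry per requirement the password misses.
// Keys absent from the policy are skipped, so a partial response is not an error.
function unmetRequirements(policy, password) {
  const unmet = [];
  const length = Array.from(password).length; // code points, not UTF-16 units
  if (Number.isInteger(policy.min_length) && length < policy.min_length) {
    unmet.push({ key: "min_length", required: policy.min_length, actual: length });
  }
  if (Number.isInteger(policy.max_length) && length > policy.max_length) {
    unmet.push({ key: "max_length", required: policy.max_length, actual: length });
  }
  for (const [key, pattern] of Object.entries(CLASSES)) {
    const required = policy[key];
    if (!Number.isInteger(required)) continue;
    const actual = (password.match(pattern) || []).length;
    if (actual < required) unmet.push({ key, required, actual });
  }
  return unmet;
}

// Constructed passwords, for illustration only.
for (const candidate of ["password", "Tr0ub4dor&3x"]) {
  const hints = unmetRequirements(SAMPLE_POLICY, candidate).map((u) => u.key);
  console.log(candidate, "->", hints.length ? hints.join(", ") : "meets policy");
}
```

A check like this only drives hints in the form; the server-side validation remains the authority on whether a password is accepted.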