Need to decide on default config schema values

[taylortom]

Auth

We need to decide on how strict we want to be by default. I've set up the rules to match

• Username: currently requires a valid email address (i.e. no admin)
• Password: same to legacy (possibly too lenient)

The migration process imports the old passwords as-is, but any new passwords/password changes will have to conform to the new rules. The localauth config offers the following (defaults in brackets):

• minPasswordLength: 8
• passwordMustHaveNumber: false
• passwordMustHaveUppercase: false
• passwordMustHaveLowercase: false
• passwordMustHaveSpecial: false (i.e. special/symbol chars: #?!@$%^&*-)

TODO

• [ ] Update localauth config schema
• [ ] Add documentation listing changes & ways to override

Directories

All dirs have been set up to be relative to data and temp, which are currently situated inside the src root, but we may want to change this (possbily outside of the src, see https://github.com/adapt-security/adapt-authoring/issues/500, or maybe in a single folder in the src? i.e. APP_DATA/data, APP_DATA/temp).

We only need to change the following:

• dataDir
• tempDir

[taylortom]

Have bumped password length to 12, will leave the rest as-is