password security condition relaxation

datastorm-open / shinymanager

Simple and secure authentification mechanism for single shiny applications.

https://datastorm-open.github.io/shinymanager/

379 stars 79 forks source link

password security condition relaxation #165

Closed sanjmeh closed 8 months ago

sanjmeh commented 1 year ago

In the password change menu, the user is forced to use at least one number, one special char etc. Is there a way to bypass this or change these rules?

bthieurmel commented 8 months ago

Of course. You can use validate_pwd function.

The default is :


validate_pwd <- function(pwd) {
  all(vapply(
    X = c("[0-9]+", "[a-z]+", "[A-Z]+", ".{6,}"),
    FUN = grepl, x = pwd, FUN.VALUE = logical(1)
  ))
}

For example, in global.R :

validate_pwd_custom <- function(pwd) {
  all(vapply(
    X = c("[0-9]+", "[a-z]+", "[A-Z]+", "[[:punct:]]+", ".{8,}"),
    FUN = grepl, x = pwd, FUN.VALUE = logical(1)
  ))
}

And use in server.R :

    auth_out <- secure_server(...,
        validate_pwd = validate_pwd_custom
    )

sanjmeh commented 5 months ago

saved for testing in our project.