search

go-kratos / kratos

Your ultimate Go microservices framework for the cloud-native era.
https://go-kratos.dev
MIT License
23.32k stars 4.01k forks source link

[Feature] Add password similarity check for non-identifiers #2226

Closed DzianisH closed 2 years ago

DzianisH commented 2 years ago

Context

Assume I do have an identity schema like the one below. It contains username as an identifier and email as an additional property. 

{
  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "username": {
          "type": "string",
          "title": "Username",
          "minLength": 3,
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            }
          }
        },
        "email": {
          "type": "string",
          "format": "email",
          "title": "Email",
          "minLength": 3,
          "ory.sh/kratos": {
            "verification": {
              "via": "email"
            },
            "recovery": {
              "via": "email"
            }
          }
        }
      },
      "required": [
        "email", "username"
      ],
      "additionalProperties": false
    }
  }
}

What I want to do

I want to add a similarity check for pair email-password to enhance the dummy password protection. Currently, I can do it only by making email an identifier.

shenqidebaozi commented 2 years ago

You may have found the wrong place, hahaha!

shenqidebaozi commented 2 years ago

We are the micro service framework of go language