search

hassio-addons / addon-node-red

Node-RED - Home Assistant Community Add-ons
https://addons.community
MIT License
525 stars 120 forks source link

Password "have i been pwned" rejection handling #60

Closed lukassvec closed 5 years ago

lukassvec commented 5 years ago

Problem/Motivation

When starting node red, the addon started and allowed me to view the Web UI, though the page did not load. After reading the logs, the reference to password error referenced "Have I been pwned" showing X number of password matches. This took a while to find and did not provide steps to create a better password.

Expected behavior

I would expect the add-on to not start at all if such an error occurred, the error to show up automatically if the password selected was not good enough. Alternatively, the documentation can be updated to include instructions on password selection criteria.

Actual behavior

The addon starts as if no error occurred and neither the documentation or log provide next steps.

Proposed changes

Update documentation or logging to reference selection criteria.

frenck commented 5 years ago

The add-on does not start if the password is found in the HIBP database. If it does continue, it must be manually overridden by the user. A simple google would have learned about Have I Been Pwned.

For the next version, the add-on no longer relies on its own user accounts, therefore there is no need to change anything at this point.

Closing this issue.

addons-assistant[bot] commented 5 years ago

This thread has been automatically locked because it has not had recent activity. Please open a new issue for related bugs and link to relevant comments in this thread.