search

mkhorasani / Streamlit-Authenticator

A secure authentication module to manage user access in a Streamlit application.
Other
1.6k stars 250 forks source link

Password does not meet criteria #187

Closed chuong98 closed 2 weeks ago

chuong98 commented 2 months ago

I tried with the version 0.3.3 but get the error when register new user. Even if I overwrite the validator:

from streamlit_authenticator.utilities import  Validator

class MyValidator(Validator):
    def validate_password(self, password: str) -> bool:
        return True
auth = Authenticate(
    config['credentials'],
    config['cookie']['name'],
    config['cookie']['key'],
    config['cookie']['expiry_days'],
    config['pre-authorized'],
    validator=MyValidator(),
    auto_hash=True
)
mkhorasani commented 2 months ago

Hi @chuong98, this is indeed a bug, and I will fix it in v0.3.4 that should be released this month. Thank you for bringing this to my attention!

chuong98 commented 2 months ago

Can you also provide the option to write Hint about the requirements of the password

mkhorasani commented 2 months ago

Can you also provide the option to write Hint about the requirements of the password

Excellent idea! Will do.

indrex commented 2 months ago

Came here to share that I added a hint for users in the form explaining that only !@$%*?& are allowed. They kept trying underscore etc and I had no idea why the validation failed until I checked the regex in the validator method.

mkhorasani commented 2 months ago

Yes apologies for that, a fix is on the way!

indrex commented 2 months ago

@mkhorasani you are doing great, thanks for the project.

mkhorasani commented 2 months ago

@mkhorasani you are doing great, thanks for the project.

You're most welcome.

edofe99 commented 2 months ago

Hello I tried replicating the code in the main github readme file tutorial and I get this error. Is the fix coming? Thank's

mkhorasani commented 2 months ago

Hello I tried replicating the code in the main github readme file tutorial and I get this error. Is the fix coming? Thank's

Yeap on the way!

edofe99 commented 2 months ago

Thanks so much

baswenneker commented 1 month ago

A fix would be greatly appreciated.

edofe99 commented 1 month ago

This also happens with "reset password widget".

edofe99 commented 1 month ago

Any ETA regarding when a new release with the fix will come out?

mkhorasani commented 1 month ago

Any ETA regarding when a new release with the fix will come out?

Fingers crossed by the end of the coming week.

yjad commented 1 month ago

Login is working but same message shows on reset_user. it also seems that the validation callback is always called regardless of the parameter.

purushotaman748 commented 1 month ago

has the new version come out yet?

edofe99 commented 1 month ago

has the new version come out yet?

Nope. Still waiting.

purushotaman748 commented 1 month ago

Any ETA on when the fix can come out?

mkhorasani commented 1 month ago

Apologies everyone for the delay but, I will need one more week. Much appreciated!

briannewtonpsyd commented 3 weeks ago

For anyone waiting on this fix, here's the regex being used:

^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[@$!%?&])[A-Za-z\d@$!%?&]{8,20}$

It is 8-20 characters, one lowercase letter, one uppercase, one number AND one special character (@$!%*?&). You can test it here:

https://regex101.com/

mkhorasani commented 2 weeks ago

Dear all, I just released the latest version, it addresses this issue. You can now provide a custom Validator object to the Authenticate class, and you may also provide the _passwordinstructions parameter to the Authenticate class to provide instructions for the password when the user is using the _registeruser or _resetpassword widgets.