Ensure complexity, minlength and ispwned are checked on password setting #18005
Merged: lunny merged 2 commits into go-gitea:main from zeripath:fix-17977-ensure-complexity-and-ispwned-checked-on-must-change-password on Dec 17, 2021
It appears that there are several places that password length, complexity and ispwned are not currently being checked when changing passwords. This PR adds these.

Fix go-gitea#17977

Signed-off-by: Andrew Thornton <art27@cantab.net>
KN4CK3R approved these changes Dec 16, 2021
GiteaBot added the lgtm/need 1 label (This PR needs approval from one additional maintainer to be merged.) Dec 16, 2021
techknowlogick approved these changes Dec 16, 2021
GiteaBot added lgtm/done (This PR has enough approvals to get merged. There are no important open reservations anymore.) and removed lgtm/need 1 labels Dec 16, 2021
…ked-on-must-change-password
make L-G-T-M work. |
Please send back port to v1.15 |
zeripath deleted the fix-17977-ensure-complexity-and-ispwned-checked-on-must-change-password branch December 17, 2021 05:27
zeripath added a commit to zeripath/gitea that referenced this pull request Dec 17, 2021
…ing (go-gitea#18005)

Backport go-gitea#18005

It appears that there are several places that password length, complexity and ispwned are not currently being checked when changing passwords. This PR adds these.

Fix go-gitea#17977

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
zeripath added a commit to zeripath/gitea that referenced this pull request Dec 19, 2021
## [1.15.8](https://github.com/go-gitea/gitea/releases/tag/v1.15.8) - 2021-12-19

* BUGFIXES
  * Reset locale on login (go-gitea#18023) (go-gitea#18025)
  * Fix reset password email template (go-gitea#17025) (go-gitea#18022)
  * Fix outType on gitea dump (go-gitea#18000) (go-gitea#18016)
  * Ensure complexity, minlength and isPwned are checked on password setting (go-gitea#18005) (go-gitea#18015)
  * Fix rename notification bug (go-gitea#18011)
  * Prevent double decoding of % in url params (go-gitea#17997) (go-gitea#18001)
  * Prevent hang in git cat-file if the repository is not a valid repository (Partial go-gitea#17991) (go-gitea#17992)
  * Prevent deadlock in create issue (go-gitea#17970) (go-gitea#17982)
* TESTING
  * Use non-expiring key. (go-gitea#17984) (go-gitea#17985)

Signed-off-by: Andrew Thornton <art27@cantab.net>
This was referenced Dec 19, 2021
Merged
lafriks pushed a commit that referenced this pull request Dec 20, 2021
## [1.15.8](https://github.com/go-gitea/gitea/releases/tag/v1.15.8) - 2021-12-19

* BUGFIXES
  * Reset locale on login (#18023) (#18025)
  * Fix reset password email template (#17025) (#18022)
  * Fix outType on gitea dump (#18000) (#18016)
  * Ensure complexity, minlength and isPwned are checked on password setting (#18005) (#18015)
  * Fix rename notification bug (#18011)
  * Prevent double decoding of % in url params (#17997) (#18001)
  * Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991) (#17992)
  * Prevent deadlock in create issue (#17970) (#17982)
* TESTING
  * Use non-expiring key. (#17984) (#17985)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update CHANGELOG.md

Co-authored-by: 6543 <6543@obermui.de>
zeripath added the topic/security label (Something leaks user information or is otherwise vulnerable. Should be fixed!) Dec 22, 2021
Chianina pushed a commit to Chianina/gitea that referenced this pull request Mar 28, 2022
…ing (go-gitea#18005)

It appears that there are several places that password length, complexity and ispwned are not currently being checked when changing passwords. This PR adds these.

Fix go-gitea#17977

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Labels
backport/done: All backports for this PR have been created
lgtm/done: This PR has enough approvals to get merged. There are no important open reservations anymore.
topic/security: Something leaks user information or is otherwise vulnerable. Should be fixed!
type/bug
It appears that there are several places that password length, complexity and ispwned
are not currently being checked when changing passwords. This PR adds these.
Fix #17977
Fix #18036
Signed-off-by: Andrew Thornton <art27@cantab.net>
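
As an added illustration (not Gitea's code and not part of this pull request), the sketch below puts the minimum-length, complexity and breach-list checks inside the one function that writes a password, so that no password-changing path can skip them. The function names, the 8-byte minimum, the three-character-class rule and the in-memory `pwned` map are assumptions; the prefix/suffix split mirrors the k-anonymity range-query shape used by breach-list services.

```go
package main

import (
	"crypto/sha1"
	"errors"
	"fmt"
	"unicode"
)

var (
	ErrTooShort  = errors.New("password too short")
	ErrTooSimple = errors.New("password lacks required character classes")
	ErrPwned     = errors.New("password appears in a breach list")
)

// hashParts splits the hex SHA-1 of pw into a 5-char query prefix and the suffix matched locally.
func hashParts(pw string) (string, string) {
	h := fmt.Sprintf("%X", sha1.Sum([]byte(pw)))
	return h[:5], h[5:]
}

// SetPassword (hypothetical) is the only write path, so no handler can skip the checks.
// pwned maps a SHA-1 prefix to known suffixes: a constructed stand-in for a breach-list lookup.
func SetPassword(changed map[string]bool, pwned map[string][]string, user, pw string) error {
	if len(pw) < 8 { // hypothetical minimum length, counted in bytes
		return ErrTooShort
	}
	var lower, upper, digit bool
	for _, r := range pw {
		lower = lower || unicode.IsLower(r)
		upper = upper || unicode.IsUpper(r)
		digit = digit || unicode.IsDigit(r)
	}
	if !lower || !upper || !digit {
		return ErrTooSimple
	}
	prefix, suffix := hashParts(pw)
	for _, s := range pwned[prefix] {
		if s == suffix {
			return ErrPwned
		}
	}
	changed[user] = true // a real system stores a slow salted hash here
	return nil
}

func main() {
	p, s := hashParts("Password123") // constructed breached sample
	fmt.Println(SetPassword(map[string]bool{}, map[string][]string{p: {s}}, "alice", "Password123"))
}
```

Handlers for the settings form, forced change, reset link and admin edit would each call `SetPassword` rather than writing the credential themselves.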