Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add minimum password length and password requirements config #2885

2 changes: 2 additions & 0 deletions internal/start/start.go
Original file line number Diff line number Diff line change
Expand Up @@ -506,6 +506,8 @@ EOF
fmt.Sprintf("GOTRUE_SMS_TEMPLATE=%v", utils.Config.Auth.Sms.Template),
"GOTRUE_SMS_TEST_OTP=" + testOTP.String(),

fmt.Sprintf("GOTRUE_PASSWORD_MIN_LENGTH=%v", utils.Config.Auth.MinimumPasswordLength),
fmt.Sprintf("GOTRUE_PASSWORD_REQUIRED_CHARACTERS=%v", utils.Config.Auth.PasswordRequirements),
fmt.Sprintf("GOTRUE_SECURITY_REFRESH_TOKEN_ROTATION_ENABLED=%v", utils.Config.Auth.EnableRefreshTokenRotation),
fmt.Sprintf("GOTRUE_SECURITY_REFRESH_TOKEN_REUSE_INTERVAL=%v", utils.Config.Auth.RefreshTokenReuseInterval),
fmt.Sprintf("GOTRUE_SECURITY_MANUAL_LINKING_ENABLED=%v", utils.Config.Auth.EnableManualLinking),
Expand Down
4 changes: 4 additions & 0 deletions pkg/config/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ type (
SiteUrl string `toml:"site_url"`
AdditionalRedirectUrls []string `toml:"additional_redirect_urls"`
JwtExpiry uint `toml:"jwt_expiry"`
MinimumPasswordLength uint `toml:"minimum_password_length"`
PasswordRequirements string `toml:"password_requirements"`
silentworks marked this conversation as resolved.
Show resolved Hide resolved
EnableRefreshTokenRotation bool `toml:"enable_refresh_token_rotation"`
RefreshTokenReuseInterval uint `toml:"refresh_token_reuse_interval"`
EnableManualLinking bool `toml:"enable_manual_linking"`
Expand Down Expand Up @@ -192,6 +194,8 @@ func (a *auth) ToUpdateAuthConfigBody() v1API.UpdateAuthConfigBody {
SecurityManualLinkingEnabled: &a.EnableManualLinking,
DisableSignup: cast.Ptr(!a.EnableSignup),
ExternalAnonymousUsersEnabled: &a.EnableAnonymousSignIns,
PasswordMinLength: cast.UintToIntPtr(&a.MinimumPasswordLength),
PasswordRequiredCharacters: (*v1API.UpdateAuthConfigBodyPasswordRequiredCharacters)(&a.PasswordRequirements),
sweatybridge marked this conversation as resolved.
Show resolved Hide resolved
}
a.Hook.toAuthConfigBody(&body)
a.MFA.toAuthConfigBody(&body)
Expand Down
7 changes: 7 additions & 0 deletions pkg/config/templates/config.toml
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,13 @@ additional_redirect_urls = ["https://127.0.0.1:3000"]
# How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 (1 week).
jwt_expiry = 3600
# If disabled, the refresh token will never expire.
minimum_password_length = 6
# Passwords shorter than this value will be rejected as weak. Minimum 6, recommended 8 or more.
password_requirements = ""
# Passwords that do not have at least one of each will be rejected as weak.
# Letters and digits: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789
# Lowercase, uppercase letters and digits: abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789
# Lowercase, uppercase letters, digits and symbols: abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789:!@#$%^&*()_+-=[]{};'\\\\:\"|<>?,./`~
silentworks marked this conversation as resolved.
Show resolved Hide resolved
enable_refresh_token_rotation = true
# Allows refresh tokens to be reused after expiry, up to the specified interval in seconds.
# Requires enable_refresh_token_rotation = true.
Expand Down
Loading