Backend work to support minimum password complexity (#2965)

* config: Add minimum password complexity option * PasswordManager: add function for checking if complexity is sufficient * Enforce password complexity on registration, change and recovery * cli: Use exit code 1 for weak passwords This seems preferable to exit code 0, but ideally we should choose one and document it. * Expose minimum password complexity score over GraphQL
2025-08-06 06:02:40 +03:00 · 2024-07-11 10:17:39 +01:00
parent 569eb07bd6
commit fbc360d1a9
25 changed files with 317 additions and 66 deletions
--- a/crates/data-model/src/site_config.rs
+++ b/crates/data-model/src/site_config.rs
@@ -78,4 +78,8 @@ pub struct SiteConfig {

    /// Captcha configuration
    pub captcha: Option<CaptchaConfig>,
+
+    /// Minimum password complexity, between 0 and 4.
+    /// This is a score from zxcvbn.
+    pub minimum_password_complexity: u8,
 }