Backend work to support minimum password complexity (#2965)

* config: Add minimum password complexity option * PasswordManager: add function for checking if complexity is sufficient * Enforce password complexity on registration, change and recovery * cli: Use exit code 1 for weak passwords This seems preferable to exit code 0, but ideally we should choose one and document it. * Expose minimum password complexity score over GraphQL
2025-11-20 12:02:22 +03:00 · 2024-07-11 10:17:39 +01:00
parent 569eb07bd6
commit fbc360d1a9
25 changed files with 317 additions and 66 deletions
--- a/crates/handlers/src/test_utils.rs
+++ b/crates/handlers/src/test_utils.rs
@@ -136,6 +136,7 @@ pub fn test_site_config() -> SiteConfig {
        password_change_allowed: true,
        account_recovery_allowed: true,
        captcha: None,
+        minimum_password_complexity: 1,
    }
 }

@@ -178,7 +179,10 @@ impl TestState {
        let metadata_cache = MetadataCache::new();

        let password_manager = if site_config.password_login_enabled {
-            PasswordManager::new([(1, Hasher::argon2id(None))])?
+            PasswordManager::new(
+                site_config.minimum_password_complexity,
+                [(1, Hasher::argon2id(None))],
+            )?
        } else {
            PasswordManager::disabled()
        };