Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[make:reset-password] increase password strength & check for comprimised password #1405

Merged
merged 1 commit into from
Feb 27, 2024
Merged

[make:reset-password] increase password strength & check for comprimised password #1405

merged 1 commit into from
Feb 27, 2024

Conversation

Spomky
Copy link
Contributor

@Spomky Spomky commented Dec 8, 2023
edited
Loading

For the password reset process:

  • Adds the NotCompromisedPassword and PasswordStrength constraints to the password reset form
  • Set a minimal password length to 12 instead of 6

94noni
94noni reviewed Dec 8, 2023
View reviewed changes
src/Resources/skeleton/resetPassword/ChangePasswordFormType.tpl.php
'minMessage' => 'Your password should be at least {{ limit }} characters',
// max length allowed by Symfony for security reasons
'max' => 4096,
]),
new PasswordStrength(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this 👍🏻

@94noni
Copy link
Contributor

94noni commented Dec 8, 2023

perhaps split into 2 PRs ?
one related to login password and other to throttling

@Spomky
Copy link
Contributor Author

Spomky commented Dec 8, 2023

perhaps split into 2 PRs ? one related to login password and other to throttling

Yes indeed. I will change it.
The throttling part is not complete as I should add the symfony/rate-limiter as a dependency.

@Spomky Spomky force-pushed the enhanced-security branch 2 times, most recently from a303e50 to 7f746a6 Compare December 8, 2023 08:42
@Spomky Spomky changed the title Last Symfony features + recommendation [make:reset-password] Last Symfony features + recommendation Dec 8, 2023
jrushlow
jrushlow approved these changes Feb 27, 2024
View reviewed changes
Copy link
Collaborator

@jrushlow jrushlow left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome! thank you @Spomky for this PR

@jrushlow jrushlow added Feature New Feature Status: Reviewed Has been reviewed by a maintainer labels Feb 27, 2024
@jrushlow jrushlow changed the title [make:reset-password] Last Symfony features + recommendation [make:reset-password] increase password strength & check for comprimised password Feb 27, 2024
@jrushlow jrushlow merged commit 77408fc into symfony:main Feb 27, 2024
6 checks passed
@Spomky Spomky deleted the enhanced-security branch March 1, 2024 10:09
@jrushlow jrushlow mentioned this pull request Mar 4, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@94noni 94noni 94noni approved these changes

@jrushlow jrushlow jrushlow approved these changes

Assignees
No one assigned
Labels
Feature New Feature Status: Reviewed Has been reviewed by a maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Spomky @94noni @jrushlow