[make:reset-password] increase password strength & check for compromised password #1405

Merged 1 commit on Feb 27, 2024

@Spomky Spomky commented Dec 8, 2023

For the password reset process:

  • Adds the NotCompromisedPassword and PasswordStrength constraints to the password reset form
  • Set a minimal password length to 12 instead of 6

'minMessage' => 'Your password should be at least {{ limit }} characters',
// max length allowed by Symfony for security reasons
'max' => 4096,
]),
new PasswordStrength(),
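
Review bot: new PasswordStrength() on the last line of this constraint list is created with no arguments, so the generated form relies on the constraint's default minimum score and a reader cannot tell what strength is actually enforced. Consider passing minScore explicitly (PasswordStrength::STRENGTH_MEDIUM is the current default) and giving it a one-line comment like the one already on 'max' => 4096, so that every application generated from this template states its password policy in code and keeps it if the framework default changes.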

I like this 👍🏻

94noni commented Dec 8, 2023

perhaps split into 2 PRs ?
one related to login password and other to throttling

Spomky commented Dec 8, 2023

> perhaps split into 2 PRs ? one related to login password and other to throttling

Yes indeed. I will change it.
The throttling part is not complete as I should add the symfony/rate-limiter as a dependency.

@Spomky Spomky force-pushed the enhanced-security branch 2 times, most recently from a303e50 to 7f746a6 December 8, 2023 08:42
@Spomky Spomky changed the title Last Symfony features + recommendation [make:reset-password] Last Symfony features + recommendation Dec 8, 2023
@jrushlow jrushlow left a comment

Awesome! thank you @Spomky for this PR

@jrushlow jrushlow added the "Feature" (New Feature) and "Status: Reviewed" (Has been reviewed by a maintainer) labels Feb 27, 2024
@jrushlow jrushlow changed the title [make:reset-password] Last Symfony features + recommendation [make:reset-password] increase password strength & check for compromised password Feb 27, 2024
@jrushlow jrushlow merged commit 77408fc into symfony:main Feb 27, 2024
6 checks passed
@Spomky Spomky deleted the enhanced-security branch March 1, 2024 10:09
@jrushlow jrushlow mentioned this pull request Mar 4, 2024