fix: Require minimum length of 8 characters password #2009
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: sawadashota <[email protected]>
Signed-off-by: sawadashota <[email protected]>
zepatrik
approved these changes
Nov 30, 2021
aeneasr
requested changes
Nov 30, 2021
Signed-off-by: sawadashota <[email protected]>
sawadashota
force-pushed
the
fix_pw_len
branch
from
c59135d
to
d884fed
Compare
|
I fixed and some test cases are passed. Failed cases seem to be also fail at master branch. |
zepatrik
approved these changes
Dec 2, 2021
| @@ -222,7 +222,7 @@ context('2FA lookup secrets', () => { | |||
|
|
|||
| it('should fail to set up totp if verify code is wrong', () => { | |||
| cy.visit(settings) | |||
| cy.get('input[name="totp_code"]').type('123456') | |||
| cy.get('input[name="totp_code"]').type('12345678') | |||
There was a problem hiding this comment.
I assume this would not fail with this change, but doesn't matter.
|
Thanks again 👍 |
7 tasks
peturgeorgievv
pushed a commit
to senteca/kratos-fork
that referenced
this pull request
Jun 30, 2023
Kratos follows [NIST Digital Identity Guidelines - 5.1.1.2 Memorized Secret Verifiers](https://pages.nist.gov/800-63-3/sp800-63b.html) and [password policy](https://www.ory.sh/kratos/docs/concepts/security#password-policy) says > Passwords must have a minimum length of 8 characters and all characters (unicode, ASCII) must be allowed. Signed-off-by: sawadashota <[email protected]> Co-authored-by: Patrik <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related issue(s)
Kratos follows NIST Digital Identity Guidelines - 5.1.1.2 Memorized Secret Verifiers and password policy says
but currently Kratos requires 6 chars minimum. So I fixed to 8 chars.
Checklist
introduces a new feature.
contributing code guidelines.
vulnerability. If this pull request addresses a security. vulnerability, I
confirm that I got green light (please contact
[email protected]) from the maintainers to push
the changes.
works.
Further Comments