fix: Require minimum length of 8 characters password #2009
Signed-off-by: sawadashota <[email protected]>
Thank you!
I think you also need to adjust the e2e tests, as it appears that they are failing. Most likely because they expect a password length of 6!
c59135d to d884fed
I fixed it, and some test cases pass now. The failing cases seem to also fail on the master branch.
I opened #2018 to fix all CI issues, will merge this once everything is ✔️
@@ -222,7 +222,7 @@ context('2FA lookup secrets', () => { | |||
|
|||
it('should fail to set up totp if verify code is wrong', () => { | |||
cy.visit(settings) | |||
cy.get('input[name="totp_code"]').type('123456') | |||
cy.get('input[name="totp_code"]').type('12345678') |
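Review bot: the only changed line in this hunk alters the value typed into the `totp_code` input from '123456' to '12345678', which is unrelated to the password minimum-length change this PR describes; the test still expects a wrong verification code to be rejected, so it should pass either way, but consider dropping this hunk or stating in the PR description why the TOTP test input needed to change.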
I assume this would not fail with this change, but doesn't matter.
Awesome, thank you! 🙏
Thanks again 👍
Kratos follows [NIST Digital Identity Guidelines - 5.1.1.2 Memorized Secret Verifiers](https://pages.nist.gov/800-63-3/sp800-63b.html) and [password policy](https://www.ory.sh/kratos/docs/concepts/security#password-policy) says

> Passwords must have a minimum length of 8 characters and all characters (unicode, ASCII) must be allowed.

Signed-off-by: sawadashota <[email protected]>
Co-authored-by: Patrik <[email protected]>
Related issue(s)
Kratos follows NIST Digital Identity Guidelines - 5.1.1.2 Memorized Secret Verifiers, and the password policy says

> Passwords must have a minimum length of 8 characters and all characters (unicode, ASCII) must be allowed.

but currently Kratos requires a 6-character minimum. So I changed it to 8 characters.
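The policy quoted above, as an added Go example that is not Kratos's own code: it contrasts the old 6-character minimum with the new 8-character one and shows why the length has to be counted in Unicode characters (runes) rather than bytes, since every character must be allowed. The function and constant names, and the sample passwords, are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"unicode/utf8"
)

// Policy values described in the PR: the previous minimum and the
// NIST 800-63B 5.1.1.2 aligned minimum that replaces it.
const (
	OldMinPasswordLength = 6
	MinPasswordLength    = 8
)

var ErrPasswordTooShort = errors.New("password is shorter than the minimum length")

// PasswordLength returns the policy-relevant length: the number of Unicode
// code points, not bytes. A byte count over-counts multi-byte characters
// and so would wrongly accept a 6-character non-ASCII password.
func PasswordLength(pw string) int {
	return utf8.RuneCountInString(pw)
}

// ValidateMinLength enforces only the minimum length. All characters
// (Unicode and ASCII) are allowed, so there is deliberately no character
// class, composition or whitespace rule here.
func ValidateMinLength(pw string, minLen int) error {
	if n := PasswordLength(pw); n < minLen {
		return fmt.Errorf("%w: got %d characters, need %d", ErrPasswordTooShort, n, minLen)
	}
	return nil
}

// ByteLengthOK is the naive check being contrasted: len() counts bytes.
func ByteLengthOK(pw string, minLen int) bool { return len(pw) >= minLen }

func main() {
	// Constructed sample passwords; the non-ASCII ones have a byte length
	// that differs from their character count.
	for _, pw := range []string{"abcdef", "abcdefgh", "пароль", "пароль12", "pass word 🔑"} {
		fmt.Printf("%q runes=%d bytes=%d old(6):%v new(8):%v naiveBytes(8):%v\n",
			pw, PasswordLength(pw), len(pw),
			ValidateMinLength(pw, OldMinPasswordLength) == nil,
			ValidateMinLength(pw, MinPasswordLength) == nil,
			ByteLengthOK(pw, MinPasswordLength))
	}
}
```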