highperfocused/danswer
1
0
Fork 0
mirror of https://github.com/danswer-ai/danswer.git synced 2025-07-07 21:20:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Increase password requirements

Browse Source
This commit is contained in:
pablodanswer
2024-12-15 16:28:45 -08:00
parent 814f97c2c7
commit 334bc6be8c
6 changed files with 43 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
backend/onyx/auth/users.py
View File

@ -73,6 +73,7 @@ from onyx.configs.constants import AuthType
from onyx.configs.constants import DANSWER_API_KEY_DUMMY_EMAIL_DOMAIN from onyx.configs.constants import DANSWER_API_KEY_DUMMY_EMAIL_DOMAIN
from onyx.configs.constants import DANSWER_API_KEY_PREFIX from onyx.configs.constants import DANSWER_API_KEY_PREFIX
from onyx.configs.constants import MilestoneRecordType from onyx.configs.constants import MilestoneRecordType
from onyx.configs.constants import PASSWORD_SPECIAL_CHARS
from onyx.configs.constants import UNNAMED_KEY_PLACEHOLDER from onyx.configs.constants import UNNAMED_KEY_PLACEHOLDER
from onyx.db.api_key import fetch_user_for_api_key from onyx.db.api_key import fetch_user_for_api_key
from onyx.db.auth import get_access_token_db from onyx.db.auth import get_access_token_db
@ -302,6 +303,36 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
return user return user
async def validate_password(self, password: str, _: schemas.UC | models.UP) -> None:
# Validate password according to basic security guidelines
if len(password) < 12:
raise exceptions.InvalidPasswordException(
reason="Password must be at least 12 characters long."
)
if len(password) > 64:
raise exceptions.InvalidPasswordException(
reason="Password must not exceed 64 characters."
)
if not any(char.isupper() for char in password):
raise exceptions.InvalidPasswordException(
reason="Password must contain at least one uppercase letter."
)
if not any(char.islower() for char in password):
raise exceptions.InvalidPasswordException(
reason="Password must contain at least one lowercase letter."
)
if not any(char.isdigit() for char in password):
raise exceptions.InvalidPasswordException(
reason="Password must contain at least one number."
)
if not any(char in PASSWORD_SPECIAL_CHARS for char in password):
raise exceptions.InvalidPasswordException(
reason="Password must contain at least one special character from the following set: "
f"{PASSWORD_SPECIAL_CHARS}."
)
return
async def oauth_callback( async def oauth_callback(
self, self,
oauth_name: str, oauth_name: str,

4
backend/onyx/configs/constants.py
View File

@ -173,6 +173,10 @@ class AuthType(str, Enum):
CLOUD = "cloud" CLOUD = "cloud"
# Special characters for password validation
PASSWORD_SPECIAL_CHARS = "!@#$%^&*()_+-=[]{}|;:,.<>?"
class SessionType(str, Enum): class SessionType(str, Enum):
CHAT = "Chat" CHAT = "Chat"
SEARCH = "Search" SEARCH = "Search"

1
backend/onyx/main.py
View File

@ -243,6 +243,7 @@ def get_application() -> FastAPI:
include_router_with_global_prefix_prepended(application, admin_query_router) include_router_with_global_prefix_prepended(application, admin_query_router)
include_router_with_global_prefix_prepended(application, admin_router) include_router_with_global_prefix_prepended(application, admin_router)
include_router_with_global_prefix_prepended(application, connector_router) include_router_with_global_prefix_prepended(application, connector_router)
include_router_with_global_prefix_prepended(application, user_router)
include_router_with_global_prefix_prepended(application, credential_router) include_router_with_global_prefix_prepended(application, credential_router)
include_router_with_global_prefix_prepended(application, cc_pair_router) include_router_with_global_prefix_prepended(application, cc_pair_router)
include_router_with_global_prefix_prepended(application, folder_router) include_router_with_global_prefix_prepended(application, folder_router)

2
backend/tests/integration/common_utils/managers/user.py
View File

@ -14,7 +14,7 @@ from tests.integration.common_utils.test_models import DATestUser
DOMAIN = "test.com" DOMAIN = "test.com"
DEFAULT_PASSWORD = "test" DEFAULT_PASSWORD = "TestPassword123!"
def build_email(name: str) -> str: def build_email(name: str) -> str:

7
web/src/app/auth/login/EmailPasswordForm.tsx
View File

@ -9,6 +9,7 @@ import * as Yup from "yup";
import { requestEmailVerification } from "../lib"; import { requestEmailVerification } from "../lib";
import { useState } from "react"; import { useState } from "react";
import { Spinner } from "@/components/Spinner"; import { Spinner } from "@/components/Spinner";
import { set } from "lodash";
export function EmailPasswordForm({ export function EmailPasswordForm({
isSignup = false, isSignup = false,
@ -47,10 +48,12 @@ export function EmailPasswordForm({
); );
if (!response.ok) { if (!response.ok) {
setIsWorking(false);
const errorDetail = (await response.json()).detail; const errorDetail = (await response.json()).detail;
let errorMsg = "Unknown error"; let errorMsg = "Unknown error";
if (errorDetail === "REGISTER_USER_ALREADY_EXISTS") { if (typeof errorDetail === "object" && errorDetail.reason) {
errorMsg = errorDetail.reason;
} else if (errorDetail === "REGISTER_USER_ALREADY_EXISTS") {
errorMsg = errorMsg =
"An account already exists with the specified email."; "An account already exists with the specified email.";
} }

2
web/tests/e2e/constants.js
View File

@ -1,4 +1,4 @@
export const TEST_CREDENTIALS = { export const TEST_CREDENTIALS = {
email: "admin_user@test.com", email: "admin_user@test.com",
password: "test", password: "TestPassword123!",
}; };