From: Shannon Sterz <s.sterz@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 2/3] api: enforce minimum character limit of 8 on new passwords
Date: Fri, 4 Oct 2024 15:40:53 +0200 [thread overview]
Message-ID: <20241004134054.263913-3-s.sterz@proxmox.com> (raw)
In-Reply-To: <20241004134054.263913-1-s.sterz@proxmox.com>
we already have two different password schemas, `PBS_PASSWORD_SCHEMA`
being the stricter one, which ensures a minimum length of new
passwords. however, this wasn't used on the change password endpoint
before, so add it there too. this is also in-line with NIST's latest
recommendations [1].
[1]: https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
pbs-api-types/src/lib.rs | 2 +-
src/api2/access/mod.rs | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pbs-api-types/src/lib.rs b/pbs-api-types/src/lib.rs
index 635292a5..acc2e65a 100644
--- a/pbs-api-types/src/lib.rs
+++ b/pbs-api-types/src/lib.rs
@@ -208,7 +208,7 @@ pub const OPENSSL_CIPHERS_TLS_1_3_SCHEMA: Schema =
pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
.format(&PASSWORD_FORMAT)
- .min_length(5)
+ .min_length(8)
.max_length(64)
.schema();
diff --git a/src/api2/access/mod.rs b/src/api2/access/mod.rs
index a60f0f86..832cdc66 100644
--- a/src/api2/access/mod.rs
+++ b/src/api2/access/mod.rs
@@ -13,7 +13,7 @@ use proxmox_schema::api;
use proxmox_sortable_macro::sortable;
use pbs_api_types::{
- Authid, User, Userid, ACL_PATH_SCHEMA, PASSWORD_FORMAT, PASSWORD_SCHEMA, PRIVILEGES,
+ Authid, User, Userid, ACL_PATH_SCHEMA, PASSWORD_FORMAT, PBS_PASSWORD_SCHEMA, PRIVILEGES,
PRIV_PERMISSIONS_MODIFY, PRIV_SYS_AUDIT,
};
use pbs_config::acl::AclTreeNode;
@@ -75,7 +75,7 @@ async fn user_update_auth<S: AsRef<str>>(
type: Userid,
},
password: {
- schema: PASSWORD_SCHEMA,
+ schema: PBS_PASSWORD_SCHEMA,
},
"confirmation-password": {
type: String,
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next prev parent reply other threads:[~2024-10-04 13:41 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-04 13:40 [pbs-devel] [PATCH proxmox-backup 0/3] implement a minimum length of 8 characters for " Shannon Sterz
2024-10-04 13:40 ` [pbs-devel] [PATCH proxmox-backup 1/3] api: ignore password parameter in the update_user endpoint Shannon Sterz
2024-10-04 13:40 ` Shannon Sterz [this message]
2024-10-04 13:40 ` [pbs-devel] [PATCH proxmox-backup 3/3] ui: set min length for new passwords to 8 Shannon Sterz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241004134054.263913-3-s.sterz@proxmox.com \
--to=s.sterz@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox