From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 102A41FF15E for ; Fri, 4 Oct 2024 15:41:18 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id E0791F9BB; Fri, 4 Oct 2024 15:41:39 +0200 (CEST) From: Shannon Sterz To: pbs-devel@lists.proxmox.com Date: Fri, 4 Oct 2024 15:40:53 +0200 Message-Id: <20241004134054.263913-3-s.sterz@proxmox.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241004134054.263913-1-s.sterz@proxmox.com> References: <20241004134054.263913-1-s.sterz@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.045 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox-backup 2/3] api: enforce minimum character limit of 8 on new passwords X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" we already have two different password schemas, `PBS_PASSWORD_SCHEMA` being the stricter one, which ensures a minimum length of new passwords. however, this wasn't used on the change password endpoint before, so add it there too. this is also in-line with NIST's latest recommendations [1]. [1]: https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver Signed-off-by: Shannon Sterz --- pbs-api-types/src/lib.rs | 2 +- src/api2/access/mod.rs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pbs-api-types/src/lib.rs b/pbs-api-types/src/lib.rs index 635292a5..acc2e65a 100644 --- a/pbs-api-types/src/lib.rs +++ b/pbs-api-types/src/lib.rs @@ -208,7 +208,7 @@ pub const OPENSSL_CIPHERS_TLS_1_3_SCHEMA: Schema = pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.") .format(&PASSWORD_FORMAT) - .min_length(5) + .min_length(8) .max_length(64) .schema(); diff --git a/src/api2/access/mod.rs b/src/api2/access/mod.rs index a60f0f86..832cdc66 100644 --- a/src/api2/access/mod.rs +++ b/src/api2/access/mod.rs @@ -13,7 +13,7 @@ use proxmox_schema::api; use proxmox_sortable_macro::sortable; use pbs_api_types::{ - Authid, User, Userid, ACL_PATH_SCHEMA, PASSWORD_FORMAT, PASSWORD_SCHEMA, PRIVILEGES, + Authid, User, Userid, ACL_PATH_SCHEMA, PASSWORD_FORMAT, PBS_PASSWORD_SCHEMA, PRIVILEGES, PRIV_PERMISSIONS_MODIFY, PRIV_SYS_AUDIT, }; use pbs_config::acl::AclTreeNode; @@ -75,7 +75,7 @@ async fn user_update_auth>( type: Userid, }, password: { - schema: PASSWORD_SCHEMA, + schema: PBS_PASSWORD_SCHEMA, }, "confirmation-password": { type: String, -- 2.39.5 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel