public inbox for pve-devel@lists.proxmox.com
* [pve-devel] [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters on new passwords
@ 2024-10-04 13:32 Shannon Sterz
  2024-10-04 13:32 ` [pve-devel] [PATCH manager 1/3] ui: workspace/user view: change password minimum length to 8 Shannon Sterz
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Shannon Sterz @ 2024-10-04 13:32 UTC (permalink / raw)
  To: pve-devel

this series pushes the minimum of 5 characters up to at least 8 for pve.
this puts our password policy in line with NIST's latest recommendation
[1].

[1]: https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver

pve-manager:

Shannon Sterz (1):
  ui: workspace/user view: change password minimum length to 8

 www/manager6/Workspace.js   | 1 +
 www/manager6/dc/UserEdit.js | 2 +-
 www/manager6/dc/UserView.js | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)


proxmox-widget-toolkit:

Shannon Sterz (1):
  password edit: add a minimum length parameter

 src/window/PasswordEdit.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)


pve-access-control:

Shannon Sterz (1):
  api: enforce a minimum length of 8 on new passwords

 src/PVE/API2/AccessControl.pm | 2 +-
 src/PVE/API2/User.pm          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


Summary over all repositories:
  6 files changed, 12 insertions(+), 4 deletions(-)

--
Generated by git-murpp 0.5.0


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel



* [pve-devel] [PATCH manager 1/3] ui: workspace/user view: change password minimum length to 8
  2024-10-04 13:32 [pve-devel] [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters on new passwords Shannon Sterz
@ 2024-10-04 13:32 ` Shannon Sterz
  2024-10-04 13:32 ` [pve-devel] [PATCH widget-toolkit 2/3] password edit: add a minimum length parameter Shannon Sterz
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 6+ messages in thread
From: Shannon Sterz @ 2024-10-04 13:32 UTC (permalink / raw)
  To: pve-devel

this only impacts new passwords

Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
 www/manager6/Workspace.js   | 1 +
 www/manager6/dc/UserEdit.js | 2 +-
 www/manager6/dc/UserView.js | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/www/manager6/Workspace.js b/www/manager6/Workspace.js
index 52c66108c..ca451fc3e 100644
--- a/www/manager6/Workspace.js
+++ b/www/manager6/Workspace.js
@@ -383,6 +383,7 @@ Ext.define('PVE.StdWorkspace', {
 					var win = Ext.create('Proxmox.window.PasswordEdit', {
 					    userid: Proxmox.UserName,
 					    confirmCurrentPassword: Proxmox.UserName !== 'root@pam',
+					    minLength: 8,
 					});
 					win.show();
 				    },
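Review bot: the `minLength: 8` passed to `Proxmox.window.PasswordEdit` here only takes effect once the widget-toolkit change from 2/3 is installed. Against an older toolkit the new-password field keeps its hard-coded `minLength: 5`, so the dialog would accept 5 to 7 characters and the request would then fail the API schema check from 3/3. Consider bumping the versioned dependency on proxmox-widget-toolkit together with this patch.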
diff --git a/www/manager6/dc/UserEdit.js b/www/manager6/dc/UserEdit.js
index ad52edf00..eee8bc2b2 100644
--- a/www/manager6/dc/UserEdit.js
+++ b/www/manager6/dc/UserEdit.js
@@ -36,7 +36,7 @@ Ext.define('PVE.dc.UserEdit', {
 	pwfield = Ext.createWidget('textfield', {
 	    inputType: 'password',
 	    fieldLabel: gettext('Password'),
-	    minLength: 5,
+	    minLength: 8,
 	    name: 'password',
 	    disabled: true,
 	    hidden: true,
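Review bot: with this change the literal 8 is written out three times in this patch (here and in the two `PasswordEdit` call sites in Workspace.js and UserView.js). A single shared constant for the minimum new-password length would keep the three from drifting apart the next time the limit moves.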
diff --git a/www/manager6/dc/UserView.js b/www/manager6/dc/UserView.js
index 12c3e8546..82bd2ee7c 100644
--- a/www/manager6/dc/UserView.js
+++ b/www/manager6/dc/UserView.js
@@ -72,6 +72,7 @@ Ext.define('PVE.dc.UserView', {
 		    userid: rec.data.userid,
 		    confirmCurrentPassword: Proxmox.UserName !== 'root@pam',
 		    autoShow: true,
+		    minLength: 8,
 		    listeners: {
 			destroy: () => reload(),
 		    },
-- 
2.39.5




* [pve-devel] [PATCH widget-toolkit 2/3] password edit: add a minimum length parameter
  2024-10-04 13:32 [pve-devel] [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters on new passwords Shannon Sterz
  2024-10-04 13:32 ` [pve-devel] [PATCH manager 1/3] ui: workspace/user view: change password minimum length to 8 Shannon Sterz
@ 2024-10-04 13:32 ` Shannon Sterz
  2024-11-11 20:38   ` [pve-devel] applied: " Thomas Lamprecht
  2024-10-04 13:32 ` [pve-devel] [PATCH access-control 3/3] api: enforce a minimum length of 8 on new passwords Shannon Sterz
  2024-11-11 22:11 ` [pve-devel] applied:-series [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters " Thomas Lamprecht
  3 siblings, 1 reply; 6+ messages in thread
From: Shannon Sterz @ 2024-10-04 13:32 UTC (permalink / raw)
  To: pve-devel

so products can independently specify the minimum length of new
passwords

Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
 src/window/PasswordEdit.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/window/PasswordEdit.js b/src/window/PasswordEdit.js
index bc54b8d..e012a0d 100644
--- a/src/window/PasswordEdit.js
+++ b/src/window/PasswordEdit.js
@@ -12,6 +12,10 @@ Ext.define('Proxmox.window.PasswordEdit', {
 	labelWidth: 150,
     },
 
+    // specifies the minimum length of *new* passwords so this can be
+    // adapted by each product as limits are changed there.
+    minLength: 5,
+
     // allow products to opt-in as their API gains support for this.
     confirmCurrentPassword: false,
 
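Review bot: the default `minLength: 5` keeps the old limit for every product that does not pass the option, which is below the 8 characters this series cites from NIST. The comment should say that this is client-side validation only and that the value has to match what the product's API enforces. It is also worth considering whether the default should be raised once all products have moved.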
@@ -33,13 +37,15 @@ Ext.define('Proxmox.window.PasswordEdit', {
 	    xtype: 'textfield',
 	    inputType: 'password',
 	    fieldLabel: gettext('New Password'),
-	    minLength: 5,
 	    allowBlank: false,
 	    name: 'password',
 	    listeners: {
 		change: (field) => field.next().validate(),
 		blur: (field) => field.next().validate(),
 	    },
+	    cbind: {
+		minLength: '{minLength}',
+	    },
 	},
 	{
 	    xtype: 'textfield',
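Review bot: `cbind: { minLength: '{minLength}' }` relies on the window resolving cbind for its items, which these lines do not show. If the binding is not resolved, the field ends up with no minimum at all where before it had the literal 5, so please confirm the component mixes in cbind support. A nit: putting the `cbind` block where the removed `minLength: 5` was would keep the validation settings next to `allowBlank`.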
-- 
2.39.5




* [pve-devel] [PATCH access-control 3/3] api: enforce a minimum length of 8 on new passwords
  2024-10-04 13:32 [pve-devel] [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters on new passwords Shannon Sterz
  2024-10-04 13:32 ` [pve-devel] [PATCH manager 1/3] ui: workspace/user view: change password minimum length to 8 Shannon Sterz
  2024-10-04 13:32 ` [pve-devel] [PATCH widget-toolkit 2/3] password edit: add a minimum length parameter Shannon Sterz
@ 2024-10-04 13:32 ` Shannon Sterz
  2024-11-11 22:11 ` [pve-devel] applied:-series [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters " Thomas Lamprecht
  3 siblings, 0 replies; 6+ messages in thread
From: Shannon Sterz @ 2024-10-04 13:32 UTC (permalink / raw)
  To: pve-devel

when creating new users or updating existing passwords this new
minimum is enforced which aligns with NIST's latest recommendations
[1].

[1]: https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver

Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
 src/PVE/API2/AccessControl.pm | 2 +-
 src/PVE/API2/User.pm          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/AccessControl.pm b/src/PVE/API2/AccessControl.pm
index c55a7b3..1e6e011 100644
--- a/src/PVE/API2/AccessControl.pm
+++ b/src/PVE/API2/AccessControl.pm
@@ -341,7 +341,7 @@ __PACKAGE__->register_method ({
 	    password => {
 		description => "The new password.",
 		type => 'string',
-		minLength => 5,
+		minLength => 8,
 		maxLength => 64,
 	    },
 	    'confirmation-password' => $PVE::API2::TFA::OPTIONAL_PASSWORD_SCHEMA,
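Review bot: raising `minLength` from 5 to 8 in the schema of the password change call alters behaviour for existing API clients: a request with a 5 to 7 character password that used to succeed is now rejected at parameter verification. That deserves a line in the commit message and changelog, and the `description` ("The new password.") could state the 8 to 64 character bounds.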
diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index 489d34f..535e58e 100644
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -272,7 +272,7 @@ __PACKAGE__->register_method ({
 		description => "Initial password.",
 		type => 'string',
 		optional => 1,
-		minLength => 5,
+		minLength => 8,
 		maxLength => 64
 	    },
 	    groups => get_standard_option('group-list'),
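Review bot: the password schema (`type => 'string'`, `minLength => 8`, `maxLength => 64`) is now maintained by hand in both AccessControl.pm and User.pm. The neighbouring parameters already use shared definitions (`get_standard_option('group-list')` here, `$PVE::API2::TFA::OPTIONAL_PASSWORD_SCHEMA` in AccessControl.pm); a shared definition for new passwords would mean the next change of the limit touches one place.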
-- 
2.39.5




* [pve-devel] applied: [PATCH widget-toolkit 2/3] password edit: add a minimum length parameter
  2024-10-04 13:32 ` [pve-devel] [PATCH widget-toolkit 2/3] password edit: add a minimum length parameter Shannon Sterz
@ 2024-11-11 20:38   ` Thomas Lamprecht
  0 siblings, 0 replies; 6+ messages in thread
From: Thomas Lamprecht @ 2024-11-11 20:38 UTC (permalink / raw)
  To: Proxmox VE development discussion, Shannon Sterz

On 04.10.24 at 15:32, Shannon Sterz wrote:
> so products can independently specify the minimum length of new
> passwords
> 
> Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
> ---
>  src/window/PasswordEdit.js | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
>

applied this one, thanks!



* [pve-devel] applied:-series [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters on new passwords
  2024-10-04 13:32 [pve-devel] [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters on new passwords Shannon Sterz
                   ` (2 preceding siblings ...)
  2024-10-04 13:32 ` [pve-devel] [PATCH access-control 3/3] api: enforce a minimum length of 8 on new passwords Shannon Sterz
@ 2024-11-11 22:11 ` Thomas Lamprecht
  3 siblings, 0 replies; 6+ messages in thread
From: Thomas Lamprecht @ 2024-11-11 22:11 UTC (permalink / raw)
  To: Proxmox VE development discussion, Shannon Sterz

On 04.10.24 at 15:32, Shannon Sterz wrote:
> this series pushes the minimum of 5 characters up to at least 8 for pve.
> this puts our password policy in line with NIST's latest recommendation
> [1].
> 
> [1]: https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
> 
> pve-manager:
> 
> Shannon Sterz (1):
>   ui: workspace/user view: change password minimum length to 8
> 
>  www/manager6/Workspace.js   | 1 +
>  www/manager6/dc/UserEdit.js | 2 +-
>  www/manager6/dc/UserView.js | 1 +
>  3 files changed, 3 insertions(+), 1 deletion(-)
> 
> 
> proxmox-widget-toolkit:
> 
> Shannon Sterz (1):
>   password edit: add a minimum length parameter
> 
>  src/window/PasswordEdit.js | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> 
> pve-access-control:
> 
> Shannon Sterz (1):
>   api: enforce a minimum length of 8 on new passwords
> 
>  src/PVE/API2/AccessControl.pm | 2 +-
>  src/PVE/API2/User.pm          | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> 
> Summary over all repositories:
>   6 files changed, 12 insertions(+), 4 deletions(-)
> 
> --
> Generated by git-murpp 0.5.0
> 
> 
> 
> 


applied the remaining two patches now too, thanks!

