Skip to content

FOUR-11415 Password Policy Configuration #5682

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 27, 2023
Merged

FOUR-11415 Password Policy Configuration #5682

merged 3 commits into from
Nov 27, 2023

Conversation

julceslauhub
Copy link
Contributor

@julceslauhub julceslauhub commented Nov 22, 2023
edited
Loading

Issue & Reproduction Steps

The passwords policies are not configurable

Solution

Added validations when the users login to the app

How to Test

Add in .env the next values:

PASSWORD_POLICY_NUMBERS=TRUE

PASSWORD_POLICY_UPPERCASE=TRUE

PASSWORD_POLICY_SPECIAL=TRUE

PASSWORD_POLICY_MINIMUM_LENGTH=8

PASSWORD_POLICY_MAXIMUM_LENGTH=12

PASSWORD_POLICY_LOGIN_ATTEMPTS=5

And validate when user login to the app

Related Tickets & Packages

Code Review Checklist

  • I have pulled this code locally and tested it on my instance, along with any associated packages.
  • This code adheres to ProcessMaker Coding Guidelines.
  • This code includes a unit test or an E2E test that tests its functionality, or is covered by an existing test.
  • This solution fixes the bug reported in the original ticket.
  • This solution does not alter the expected output of a component in a way that would break existing Processes.
  • This solution does not implement any breaking changes that would invalidate documentation or cause existing Processes to fail.
  • This solution has been tested with enterprise packages that rely on its functionality and does not introduce bugs in those packages.
  • This code does not duplicate functionality that already exists in the framework or in ProcessMaker.
  • This ticket conforms to the PRD associated with this part of ProcessMaker.

@julceslauhub julceslauhub requested a review from caleeli November 22, 2023 14:15
caleeli
caleeli reviewed Nov 23, 2023
View reviewed changes
resources/views/shared/users/sidebar.blade.php Outdated
@@ -54,7 +54,7 @@
{!! Form::label('confPassword', __('Confirm Password')) !!}
{!! Form::password('confPassword', ['id' => 'confPassword', 'rows' => 4, 'class'=> 'form-control', 'v-model'
=> 'formData.confPassword', 'autocomplete' => 'new-password', 'v-bind:class' => '{\'form-control\':true, \'is-invalid\':errors.password}']) !!}
<div class="invalid-feedback" :style="{display: (errors.password) ? 'block' : 'none' }" role="alert" v-if="errors.password">@{{errors.password[0]}}</div>
<div class="invalid-feedback" :style="{display: (errors.password) ? 'block' : 'none' }" role="alert" v-for="(error, index) in errors.password">@{{error}}</div>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please split thi line in multiple lines to enhance readability

caleeli
caleeli requested changes Nov 23, 2023
View reviewed changes
Copy link
Contributor

@caleeli caleeli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@julceslauhub review or update the password related tests, so they pass accordingly to the new password policy

image

@processmaker-sonarqube ProcessMaker SonarQube
Copy link

processmaker-sonarqube bot commented Nov 24, 2023
edited
Loading

SonarQube Quality Gate

Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

0.0% 0.0% Coverage
0.0% 0.0% Duplication

@caleeli caleeli self-requested a review November 24, 2023 16:03
@caleeli caleeli merged commit e6f546f into feature/FOUR-11378 Nov 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@caleeli caleeli caleeli approved these changes

@boliviacoca boliviacoca boliviacoca approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@julceslauhub @caleeli @boliviacoca