Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Passwords do not have any length or character requirements #4142

Closed
bjester opened this issue Jun 14, 2023 · 5 comments · Fixed by #4353
Closed

Passwords do not have any length or character requirements #4142

bjester opened this issue Jun 14, 2023 · 5 comments · Fixed by #4353
Assignees
@AlexVelezLl
Labels
DEV: backend DEV: frontend P0 - critical Priority: Release blocker or regression TAG: tech update / debt TAG: user strings TAG: ux update
Milestone
Studio: Bulk Edit...

Comments

@bjester
Copy link
Member

bjester commented Jun 14, 2023

Observed behavior

An account was created in the hotfixes server environment with a password of a.

Expected behavior

We should have a basic minimum length threshold for passwords, at the very least. In development mode, the password a should still work.

User-facing consequences

Shorter passwords are easier to breach and Studio is an online platform where it's important to have this.
@cerdo03
Copy link
Contributor

cerdo03 commented Dec 8, 2023
edited
Loading

Hi, I wanted to pick up this issue, can you guide me how can I check if it is development mode so that the password validation is not valid for dev server?

@cerdo03 cerdo03 mentioned this issue Dec 8, 2023
Merged
24 tasks
@cerdo03
Copy link
Contributor

cerdo03 commented Dec 8, 2023

Are there any other validations that need to be implemented?

@MisRob
Copy link
Member

MisRob commented Dec 12, 2023

Thank you, @cerdo03! We will review.

@bjester
Copy link
Member Author

bjester commented Dec 13, 2023

Are there any other validations that need to be implemented?

@cerdo03 Adding a length check to the backend would also be worthwhile, if you're familiar with python/django. Otherwise, no worries about that.

@bjester bjester mentioned this issue Dec 13, 2023
Open
@cerdo03
Copy link
Contributor

cerdo03 commented Dec 13, 2023

Yeah I am familiar with django, I'll implement the password validation and raise the updated PR soon. Thanks for the review.

@marcellamaki marcellamaki added this to the Studio Q4-23/Q1-24 Patch milestone Jan 3, 2024
@AlexVelezLl AlexVelezLl self-assigned this Aug 8, 2024
@akolson akolson mentioned this issue Aug 13, 2024
Merged
@akolson akolson mentioned this issue Oct 1, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AlexVelezLl AlexVelezLl

Labels
DEV: backend DEV: frontend P0 - critical Priority: Release blocker or regression TAG: tech update / debt TAG: user strings TAG: ux update
Projects
None yet
Milestone
Studio: Bulk Editing Release
Development

Successfully merging a pull request may close this issue.

Implement minimum length for passwords in account creation cerdo03/studio
5 participants
@bjester @MisRob @marcellamaki @AlexVelezLl @cerdo03