@zeripath zeripath commented Dec 17, 2021

Backport #18005

It appears that there are several places that password length, complexity and ispwned
are not currently being checked when changing passwords. This PR adds these.

Fix #17977
Fix #18036

Signed-off-by: Andrew Thornton <art27@cantab.net>
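
An added example, not part of this PR and not Gitea's code: one way to keep every password-setting path from skipping the length, complexity and breach checks is to make validation the only way to obtain a storable value. All names, the lower/upper/digit rule and the fail-closed handling of lookup errors are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"unicode"
)

var (
	ErrTooShort  = errors.New("password too short")
	ErrTooSimple = errors.New("password needs lower, upper and digit")
	ErrPwned     = errors.New("password found in breach data")
)

// Policy bundles the three checks (hypothetical names). IsPwned is injected so this runs offline.
type Policy struct {
	MinLength int
	IsPwned   func(pw string) (bool, error)
}

// Checked has an unexported field: in a library package only Check can fill it, so storage code takes Checked, not string.
type Checked struct{ pw string }

// Check runs length, complexity and breach checks in that order and returns the first failure.
func (p Policy) Check(pw string) (Checked, error) {
	if len([]rune(pw)) < p.MinLength {
		return Checked{}, ErrTooShort
	}
	var lower, upper, digit bool
	for _, r := range pw {
		lower = lower || unicode.IsLower(r)
		upper = upper || unicode.IsUpper(r)
		digit = digit || unicode.IsDigit(r)
	}
	if !(lower && upper && digit) {
		return Checked{}, ErrTooSimple
	}
	// Fail closed: a lookup error rejects the password instead of skipping the check.
	if pwned, err := p.IsPwned(pw); err != nil {
		return Checked{}, fmt.Errorf("breach lookup: %w", err)
	} else if pwned {
		return Checked{}, ErrPwned
	}
	return Checked{pw: pw}, nil
}

func main() {
	p := Policy{8, func(pw string) (bool, error) { return pw == "Password123", nil }}
	fmt.Println(p.Check("Password123")) // constructed input, rejected with ErrPwned
}
```

With this shape, a sign-up handler, an admin user-creation form and a reset flow all have to call `Check` before they can hand anything to the hashing or storage layer.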

…ing (go-gitea#18005)

Backport go-gitea#18005

It appears that there are several places that password length, complexity and ispwned
are not currently being checked when changing passwords. This PR adds these.

Fix go-gitea#17977

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
@zeripath zeripath added this to the 1.15.8 milestone Dec 17, 2021
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Dec 17, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Dec 17, 2021
@zeripath zeripath merged commit 2051f85 into go-gitea:release/v1.15 Dec 17, 2021
@zeripath zeripath deleted the backport-18005-v1.15 branch December 17, 2021 21:25
zeripath added a commit to zeripath/gitea that referenced this pull request Dec 19, 2021
## [1.15.8](https://github.com/go-gitea/gitea/releases/tag/v1.15.8) - 2021-12-19

* BUGFIXES
  * Reset locale on login (go-gitea#18023) (go-gitea#18025)
  * Fix reset password email template (go-gitea#17025) (go-gitea#18022)
  * Fix outType on gitea dump (go-gitea#18000) (go-gitea#18016)
  * Ensure complexity, minlength and isPwned are checked on password setting (go-gitea#18005) (go-gitea#18015)
  * Fix rename notification bug (go-gitea#18011)
  * Prevent double decoding of % in url params  (go-gitea#17997) (go-gitea#18001)
  * Prevent hang in git cat-file if the repository is not a valid repository (Partial go-gitea#17991) (go-gitea#17992)
  * Prevent deadlock in create issue (go-gitea#17970) (go-gitea#17982)
* TESTING
  * Use non-expiring key. (go-gitea#17984) (go-gitea#17985)

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath mentioned this pull request Dec 19, 2021
@zeripath zeripath linked an issue Dec 20, 2021 that may be closed by this pull request
lafriks pushed a commit that referenced this pull request Dec 20, 2021
## [1.15.8](https://github.com/go-gitea/gitea/releases/tag/v1.15.8) - 2021-12-19

* BUGFIXES
  * Reset locale on login (#18023) (#18025)
  * Fix reset password email template (#17025) (#18022)
  * Fix outType on gitea dump (#18000) (#18016)
  * Ensure complexity, minlength and isPwned are checked on password setting (#18005) (#18015)
  * Fix rename notification bug (#18011)
  * Prevent double decoding of % in url params  (#17997) (#18001)
  * Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991) (#17992)
  * Prevent deadlock in create issue (#17970) (#17982)
* TESTING
  * Use non-expiring key. (#17984) (#17985)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update CHANGELOG.md

Co-authored-by: 6543 <6543@obermui.de>
@zeripath zeripath added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Dec 22, 2021
@go-gitea go-gitea locked and limited conversation to collaborators Apr 28, 2022
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug
Development

Successfully merging this pull request may close these issues.

A Logic Error When the Administritor Create New Users
4 participants