increase password requirements

onyx-dot-app · Dec 13, 2024 · e6f9466 · e6f9466
1 parent c69b7fc
commit e6f9466
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 2 deletions.
diff --git a/backend/danswer/auth/users.py b/backend/danswer/auth/users.py
@@ -280,6 +280,35 @@ async def create(
 
             return user
 
+    async def validate_password(self, password: str, _: schemas.UC | models.UP) -> None:
+        # Validate password according to basic security guidelines
+        if len(password) < 12:
+            raise exceptions.InvalidPasswordException(
+                reason="Password must be at least 12 characters long."
+            )
+        if len(password) > 64:
+            raise exceptions.InvalidPasswordException(
+                reason="Password must not exceed 64 characters."
+            )
+        if not any(char.isupper() for char in password):
+            raise exceptions.InvalidPasswordException(
+                reason="Password must contain at least one uppercase letter."
+            )
+        if not any(char.islower() for char in password):
+            raise exceptions.InvalidPasswordException(
+                reason="Password must contain at least one lowercase letter."
+            )
+        if not any(char.isdigit() for char in password):
+            raise exceptions.InvalidPasswordException(
+                reason="Password must contain at least one number."
+            )
+        if not any(char in "!@#$%^&*()_+-=[]{}|;:,.<>?" for char in password):
+            raise exceptions.InvalidPasswordException(
+                reason="Password must contain at least one special character (!@#$%^&*()_+-=[]{}|;:,.<>?)."
+            )
+
+        return
+
     async def oauth_callback(
         self,
         oauth_name: str,

diff --git a/backend/danswer/server/manage/get_state.py b/backend/danswer/server/manage/get_state.py
@@ -17,6 +17,7 @@ def healthcheck() -> StatusResponse:
 
 @router.get("/auth/type")
 def get_auth_type() -> AuthTypeResponse:
+    print("AUTH_TYPE", AUTH_TYPE)
     return AuthTypeResponse(
         auth_type=AUTH_TYPE, requires_verification=user_needs_to_be_verified()
     )

diff --git a/web/src/app/auth/login/EmailPasswordForm.tsx b/web/src/app/auth/login/EmailPasswordForm.tsx
@@ -9,6 +9,7 @@ import * as Yup from "yup";
 import { requestEmailVerification } from "../lib";
 import { useState } from "react";
 import { Spinner } from "@/components/Spinner";
+import { set } from "lodash";
 
 export function EmailPasswordForm({
   isSignup = false,
@@ -47,10 +48,13 @@ export function EmailPasswordForm({
             );
 
             if (!response.ok) {
+              setIsWorking(false);
               const errorDetail = (await response.json()).detail;
-
               let errorMsg = "Unknown error";
-              if (errorDetail === "REGISTER_USER_ALREADY_EXISTS") {
+              console.log("errorDetail", errorDetail);
+              if (typeof errorDetail === "object") {
+                errorMsg = errorDetail.reason;
+              } else if (errorDetail === "REGISTER_USER_ALREADY_EXISTS") {
                 errorMsg =
                   "An account already exists with the specified email.";
               }

diff --git a/web/src/app/auth/signup/page.tsx b/web/src/app/auth/signup/page.tsx
@@ -49,6 +49,7 @@ const Page = async (props: {
     }
     return redirect("/auth/waiting-on-verification");
   }
+  console.log("authTypeMetadata", authTypeMetadata);
   const cloud = authTypeMetadata?.authType === "cloud";
 
   // only enable this page if basic login is enabled