Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor: password policies #30270

Merged
merged 25 commits into from
Sep 14, 2023
Merged
Show file tree
Hide file tree
Changes from 18 commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
2e419c7
create new class and implementations
felipe-rod123 Sep 4, 2023
0ae52ed
fix: :test_tube: Imrpoving test and necessary files
hugocostadev Sep 4, 2023
e65b957
fixing CI
hugocostadev Sep 4, 2023
9856456
Revert "fixing CI"
hugocostadev Sep 4, 2023
3c299d6
improving code and adding unit test to CI
hugocostadev Sep 4, 2023
11dfd0e
removing old tests
hugocostadev Sep 4, 2023
5e0f712
fix: fix typings
MarcosSpessatto Sep 4, 2023
3b56772
ci: add missing dep to dockerfile
MarcosSpessatto Sep 4, 2023
03e9706
fix: fix typings
MarcosSpessatto Sep 4, 2023
9f0186e
Merge branch 'develop' into chore/password-policies-new
hugocostadev Sep 5, 2023
a36be78
password policies refactor
hugocostadev Sep 6, 2023
6d1dc19
removing comments
hugocostadev Sep 6, 2023
e10bd4e
Merge branch 'develop' into chore/password-policies-new
hugocostadev Sep 6, 2023
e1b980d
fixing error return
hugocostadev Sep 8, 2023
6b2ad46
fixing storybook story
hugocostadev Sep 8, 2023
09cad9f
Merge branch 'develop' into chore/password-policies-new
hugocostadev Sep 8, 2023
cf1480f
setting translations to storybook
hugocostadev Sep 8, 2023
db2391b
Merge remote-tracking branch 'origin/develop' into chore/password-pol…
hugocostadev Sep 8, 2023
12ff5ab
Update packages/password-policies/src/index.ts
hugocostadev Sep 11, 2023
3407344
fix: :zap: code review fixes
hugocostadev Sep 11, 2023
3252f3e
Merge branch 'develop' into chore/password-policies-new
hugocostadev Sep 11, 2023
13997eb
removing comments
hugocostadev Sep 11, 2023
2063457
Merge branch 'chore/password-policies-new' of github.com:RocketChat/R…
hugocostadev Sep 11, 2023
b927e81
fixing lint
hugocostadev Sep 11, 2023
d282875
Merge branch 'develop' into chore/password-policies-new
kodiakhq[bot] Sep 13, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion apps/meteor/app/lib/server/functions/saveUser.js
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import * as Mailer from '../../../mailer/server/api';
import { settings } from '../../../settings/server';
import { safeGetMeteorUser } from '../../../utils/server/functions/safeGetMeteorUser';
import { validateEmailDomain } from '../lib';
import { generatePassword } from '../lib/generatePassword';
import { passwordPolicy } from '../lib/passwordPolicy';
import { checkEmailAvailability } from './checkEmailAvailability';
import { checkUsernameAvailability } from './checkUsernameAvailability';
Expand Down Expand Up @@ -344,7 +345,7 @@ export const saveUser = async function (userId, userData) {

if (userData.hasOwnProperty('setRandomPassword')) {
if (userData.setRandomPassword) {
userData.password = passwordPolicy.generatePassword();
userData.password = generatePassword();
userData.requirePasswordChange = true;
sendPassword = true;
}
Expand Down
31 changes: 31 additions & 0 deletions apps/meteor/app/lib/server/lib/generatePassword.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
import generator from 'generate-password';

import { passwordPolicy } from './passwordPolicy';

export const generatePassword = (): string => {
const policies = passwordPolicy.getPasswordPolicy();

const maxLength: number = (policies.policy.find(([key]) => key === 'get-password-policy-maxLength')?.[1]?.maxLength as number) || -1;
const minLength: number = (policies.policy.find(([key]) => key === 'get-password-policy-minLength')?.[1]?.minLength as number) || -1;

const length = Math.min(Math.max(minLength, 12), maxLength > 0 ? maxLength : Number.MAX_SAFE_INTEGER);

if (policies.enabled) {
for (let i = 0; i < 10; i++) {
const password = generator.generate({
length,
...(policies.policy && { numbers: true }),
...(policies.policy.some(([key]) => key === 'get-password-policy-mustContainAtLeastOneSpecialCharacter') && { symbols: true }),
...(policies.policy.some(([key]) => key === 'get-password-policy-mustContainAtLeastOneLowercase') && { lowercase: true }),
...(policies.policy.some(([key]) => key === 'get-password-policy-mustContainAtLeastOneUppercase') && { uppercase: true }),
strict: true,
});

if (passwordPolicy.validate(password)) {
return password;
}
}
}

return generator.generate({ length: 17 });
};
32 changes: 0 additions & 32 deletions apps/meteor/app/lib/server/lib/passwordPolicy.js

This file was deleted.

162 changes: 162 additions & 0 deletions apps/meteor/app/lib/server/lib/passwordPolicy.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,162 @@
import { PasswordPolicy } from '@rocket.chat/password-policies';

import { settings } from '../../../settings/server';

let enabled = false;
let minLength = -1;
let maxLength = -1;
let forbidRepeatingCharacters = false;
let forbidRepeatingCharactersCount = 3;
let mustContainAtLeastOneLowercase = false;
let mustContainAtLeastOneUppercase = false;
let mustContainAtLeastOneNumber = false;
let mustContainAtLeastOneSpecialCharacter = false;

export let passwordPolicy = new PasswordPolicy({
enabled,
minLength,
maxLength,
forbidRepeatingCharacters,
forbidRepeatingCharactersCount,
mustContainAtLeastOneLowercase,
mustContainAtLeastOneUppercase,
mustContainAtLeastOneNumber,
mustContainAtLeastOneSpecialCharacter,
throwError: true,
});

settings.watch('Accounts_Password_Policy_Enabled', (value) => {
enabled = Boolean(value);
passwordPolicy = new PasswordPolicy({
hugocostadev marked this conversation as resolved.
Show resolved Hide resolved
enabled,
minLength,
maxLength,
forbidRepeatingCharacters,
forbidRepeatingCharactersCount,
mustContainAtLeastOneLowercase,
mustContainAtLeastOneUppercase,
mustContainAtLeastOneNumber,
mustContainAtLeastOneSpecialCharacter,
throwError: true,
});
});
settings.watch('Accounts_Password_Policy_MinLength', (value) => {
minLength = Number(value);
passwordPolicy = new PasswordPolicy({
enabled,
minLength,
maxLength,
forbidRepeatingCharacters,
forbidRepeatingCharactersCount,
mustContainAtLeastOneLowercase,
mustContainAtLeastOneUppercase,
mustContainAtLeastOneNumber,
mustContainAtLeastOneSpecialCharacter,
throwError: true,
});
});
settings.watch('Accounts_Password_Policy_MaxLength', (value) => {
maxLength = Number(value);
passwordPolicy = new PasswordPolicy({
enabled,
minLength,
maxLength,
forbidRepeatingCharacters,
forbidRepeatingCharactersCount,
mustContainAtLeastOneLowercase,
mustContainAtLeastOneUppercase,
mustContainAtLeastOneNumber,
mustContainAtLeastOneSpecialCharacter,
throwError: true,
});
});
settings.watch('Accounts_Password_Policy_ForbidRepeatingCharacters', (value) => {
forbidRepeatingCharacters = Boolean(value);
passwordPolicy = new PasswordPolicy({
enabled,
minLength,
maxLength,
forbidRepeatingCharacters,
forbidRepeatingCharactersCount,
mustContainAtLeastOneLowercase,
mustContainAtLeastOneUppercase,
mustContainAtLeastOneNumber,
mustContainAtLeastOneSpecialCharacter,
throwError: true,
});
});
settings.watch('Accounts_Password_Policy_ForbidRepeatingCharactersCount', (value) => {
forbidRepeatingCharactersCount = Number(value);
passwordPolicy = new PasswordPolicy({
enabled,
minLength,
maxLength,
forbidRepeatingCharacters,
forbidRepeatingCharactersCount,
mustContainAtLeastOneLowercase,
mustContainAtLeastOneUppercase,
mustContainAtLeastOneNumber,
mustContainAtLeastOneSpecialCharacter,
throwError: true,
});
});
settings.watch('Accounts_Password_Policy_AtLeastOneLowercase', (value) => {
mustContainAtLeastOneLowercase = Boolean(value);
passwordPolicy = new PasswordPolicy({
enabled,
minLength,
maxLength,
forbidRepeatingCharacters,
forbidRepeatingCharactersCount,
mustContainAtLeastOneLowercase,
mustContainAtLeastOneUppercase,
mustContainAtLeastOneNumber,
mustContainAtLeastOneSpecialCharacter,
throwError: true,
});
});
settings.watch('Accounts_Password_Policy_AtLeastOneUppercase', (value) => {
mustContainAtLeastOneUppercase = Boolean(value);
passwordPolicy = new PasswordPolicy({
enabled,
minLength,
maxLength,
forbidRepeatingCharacters,
forbidRepeatingCharactersCount,
mustContainAtLeastOneLowercase,
mustContainAtLeastOneUppercase,
mustContainAtLeastOneNumber,
mustContainAtLeastOneSpecialCharacter,
throwError: true,
});
});
settings.watch('Accounts_Password_Policy_AtLeastOneNumber', (value) => {
mustContainAtLeastOneNumber = Boolean(value);
passwordPolicy = new PasswordPolicy({
enabled,
minLength,
maxLength,
forbidRepeatingCharacters,
forbidRepeatingCharactersCount,
mustContainAtLeastOneLowercase,
mustContainAtLeastOneUppercase,
mustContainAtLeastOneNumber,
mustContainAtLeastOneSpecialCharacter,
throwError: true,
});
});
settings.watch('Accounts_Password_Policy_AtLeastOneSpecialCharacter', (value) => {
mustContainAtLeastOneSpecialCharacter = Boolean(value);
passwordPolicy = new PasswordPolicy({
enabled,
minLength,
maxLength,
forbidRepeatingCharacters,
forbidRepeatingCharactersCount,
mustContainAtLeastOneLowercase,
mustContainAtLeastOneUppercase,
mustContainAtLeastOneNumber,
mustContainAtLeastOneSpecialCharacter,
throwError: true,
});
});
1 change: 1 addition & 0 deletions apps/meteor/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -257,6 +257,7 @@
"@rocket.chat/mp3-encoder": "0.24.0",
"@rocket.chat/omnichannel-services": "workspace:^",
"@rocket.chat/onboarding-ui": "next",
"@rocket.chat/password-policies": "workspace:^",
"@rocket.chat/pdf-worker": "workspace:^",
"@rocket.chat/poplib": "workspace:^",
"@rocket.chat/presence": "workspace:^",
Expand Down
5 changes: 4 additions & 1 deletion apps/meteor/server/methods/getPasswordPolicy.ts
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,9 @@ Meteor.methods<ServerMethods>({
method: 'getPasswordPolicy',
});
}
return passwordPolicy.getPasswordPolicy();
return passwordPolicy.getPasswordPolicy() as {
enabled: boolean;
policy: [name: TranslationKey, options?: Record<string, unknown>][];
};
},
});
10 changes: 10 additions & 0 deletions apps/meteor/server/settings/accounts.ts
Original file line number Diff line number Diff line change
Expand Up @@ -745,50 +745,60 @@ export const createAccountSettings = () =>
await this.section('Password_Policy', async function () {
await this.add('Accounts_Password_Policy_Enabled', false, {
type: 'boolean',
public: true,
});

const enableQuery = {
_id: 'Accounts_Password_Policy_Enabled',
value: true,
public: true,
};

await this.add('Accounts_Password_Policy_MinLength', 7, {
type: 'int',
public: true,
enableQuery,
});

await this.add('Accounts_Password_Policy_MaxLength', -1, {
type: 'int',
public: true,
enableQuery,
});

await this.add('Accounts_Password_Policy_ForbidRepeatingCharacters', true, {
type: 'boolean',
public: true,
enableQuery,
});

await this.add('Accounts_Password_Policy_ForbidRepeatingCharactersCount', 3, {
type: 'int',
public: true,
enableQuery,
});

await this.add('Accounts_Password_Policy_AtLeastOneLowercase', true, {
type: 'boolean',
public: true,
enableQuery,
});

await this.add('Accounts_Password_Policy_AtLeastOneUppercase', true, {
type: 'boolean',
public: true,
enableQuery,
});

await this.add('Accounts_Password_Policy_AtLeastOneNumber', true, {
type: 'boolean',
public: true,
enableQuery,
});

await this.add('Accounts_Password_Policy_AtLeastOneSpecialCharacter', true, {
type: 'boolean',
public: true,
enableQuery,
});
});
Expand Down
Loading