feat: enforce minimum password length of 8 characters with warning#1906
Open
jlima8900 wants to merge 8 commits intoKeeper-Security:releasefrom
Open
feat: enforce minimum password length of 8 characters with warning#1906jlima8900 wants to merge 8 commits intoKeeper-Security:releasefrom
jlima8900 wants to merge 8 commits intoKeeper-Security:releasefrom
Conversation
jlima8900
force-pushed
the
feat/password-generator-minimum-pr1874
branch
from
85aca92 to
20df48b
Compare
Contributor
Author
|
@aaunario — ready for review. Min password length enforcement with 9 unit tests. Contract change documented in PR description. |
jlima8900
force-pushed
the
feat/password-generator-minimum-pr1874
branch
2 times, most recently
from
926a79e to
aa304ed
Compare
* Added full terminal reset after ssh session exit (clears scrollback etc.) * Fixes randomly eaten first characters typed after ssh session exit (stdin race condition) * Fixed random duplicate typed characters (echo)
Keeper-Security#1908) - Added `move` to the list of `apply-action` choices, which will move all returned users to a node - specified with `target-node` - Added `all` to the list of `status` choices, returning invited, active and locked users with `d=0` - Fixed an issue where the users updated with `apply-action` are not the same as those filtered with the `node` argument. - Fixed a potential unwanted behavior where the `node` argument returns a recursive node and subnodes search, preventing you from applying actions to a specific node if it has subnodes. By default, using the `node` argument will only return result from the specified node. - Added a `recursive` argument to replicate the old behavior with `node` filter.
- Clamp password length to 8-200 range with warnings - Update help text: rand length: 8-200 (default 20) - Add tests for zero length, above-200, and at-200 edge cases
jlima8900
force-pushed
the
feat/password-generator-minimum-pr1874
branch
from
aa304ed to
429ef25
Compare
sk-keeper
force-pushed
the
release
branch
3 times, most recently
from
442d7af to
9ec9b7a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
$GENlocal record-field helper$GEN:rand,<8>now clamps to 8 with alogging.warninginstead of silently accepting values as low as 1Contract change
This is an intentional policy change:
generate_password()no longer honors explicit$GEN:rand,<N>requests where N < 8. Values below 8 are clamped to 8 with a warning. This prevents accidental creation of trivially weak passwords. The enterprise password-rule enforcement path (PasswordRule/DomainPasswordRulesRequest) is unaffected — this only applies to the local$GENrecord-field helper.Test plan
$GEN:rand,4and$GEN:rand,6clamp to length 8 with warning$GEN:rand,8produces length 8 with no warning$GEN:rand,24produces length 24 (no clamp)$GEN(no params) and$GEN:randproduce length 20$GEN:dice,5and$GEN:cryptobehavior unchangedtest_password_generator.py