Merge #2500
2500: Password policy enforcement r=mergify[bot] a=nextgens ## What type of PR? Feature ## What does this PR do? It enforces that all new passwords set by users are at least 8 characters in length and checks all users' passwords at login time against HIBP. The HIBP part requires javascript and Mailu to be accessed over HTTPS to work but degrades gracefully (no message will be shown if the requirements are not met). It was a conscious choice to implement it at this level: administrators can set weaker passwords using non-HTTP based interfaces. ### Related issue(s) - close #2208 - close #287 ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [ ] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org> Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>main
commit
896e7fb54b
@ -0,0 +1 @@
|
|||||||
|
Implement a minimum length for passwords of 8 characters. Check passwords upon login against HaveIBeenPwned and warn users if their passwords are compromised.
|
Loading…
Reference in New Issue