[STORY-648] feat: raise DB user passwords minimum length to 24 #1077

2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@

### To be Released

* feat(database/users): raise minimum user password length to 24

### 1.33.0

* fix(one-off): remove async field from the run command ([PR#1060](https://github.com/Scalingo/cli/pull/1060))
Expand Down
4 changes: 2 additions & 2 deletions db/users/create.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ func CreateUser(ctx context.Context, app, addonUUID, username string, readonly b
return nil
}

if usernameValidation, ok := isUsernameValid(username); !ok {
if usernameValidation, ok := IsUsernameValid(username); !ok {
io.Error(usernameValidation)
return nil
}
Expand Down Expand Up @@ -57,7 +57,7 @@ func CreateUser(ctx context.Context, app, addonUUID, username string, readonly b
isPasswordGenerated := false
if password == "" {
isPasswordGenerated = true
password = gopassword.Generate(64)
password = gopassword.Generate()
confirmedPassword = password
}

Expand Down
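Review bot: Dropping the explicit length in `password = gopassword.Generate()` makes the generated password's length depend on a library default that is not visible in this diff, while the CLI's own validator IsPasswordValid (utils.go, same PR) now requires 24–64 characters; if that default is outside the range or changes later, the generated credential and the validator drift silently, and the generated path does not appear to be re-validated in this hunk. Recording the coupling with a comment above the call, `// gopassword.Generate's default length must stay within IsPasswordValid's 24–64 bound`, and adding a case in utils_test.go that asserts `users.IsPasswordValid(p, p)` returns true for a freshly generated p would catch the drift. CreateUser's body starts and ends outside the hunk.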
2 changes: 1 addition & 1 deletion db/users/update_password.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ func UpdateUserPassword(ctx context.Context, app, addonUUID, username string) er
return nil
}

if usernameValidation, ok := isUsernameValid(username); !ok {
if usernameValidation, ok := IsUsernameValid(username); !ok {
io.Error(usernameValidation)
return nil
}
Expand Down
12 changes: 6 additions & 6 deletions db/users/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ func askForPasswordWithRetry(ctx context.Context, remainingRetries int) (string,
return "", "", errors.Wrap(ctx, err, "ask for password")
}

passwordValidation, ok := isPasswordValid(password, confirmedPassword)
passwordValidation, ok := IsPasswordValid(password, confirmedPassword)
if !ok {
if remainingRetries == 1 {
return "", "", errors.Newf(ctx, "%s. Too many retries", passwordValidation)
Expand Down Expand Up @@ -79,23 +79,23 @@ func askForPassword(ctx context.Context) (string, string, error) {
return string(password), string(confirmedPassword), nil
}

func isPasswordValid(password, confirmedPassword string) (string, bool) {
func IsPasswordValid(password, confirmedPassword string) (string, bool) {
if password == "" && confirmedPassword == "" {
return "", true
}

if password != confirmedPassword {
return "Password confirmation doesn't match", false
}
if len(password) < 8 || len(password) > 64 {
return "Password must contain between 8 and 64 characters", false
if len(password) < 24 || len(password) > 64 {
return "Password must contain between 24 and 64 characters", false
}
return "", true
}

func isUsernameValid(username string) (string, bool) {
func IsUsernameValid(username string) (string, bool) {
if len(username) < 6 || len(username) > 32 {
return "name must contain between 6 and 32 characters", false
return "Name must contain between 6 and 32 characters", false
}
return "", true
}
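Review bot: `len(password)` in IsPasswordValid counts bytes, not the characters the message promises, so a 40-character password made of multi-byte runes is rejected as "too long" and a 12-character one can satisfy the new 24 minimum; the same applies to `len(username)` in IsUsernameValid. Counting runes keeps the check consistent with the message: `if n := utf8.RuneCountInString(password); n < 24 || n > 64 {` (with `unicode/utf8` imported), and likewise for the username check. Since both functions are now exported they also need doc comments in the Go convention, e.g. `// IsPasswordValid reports whether password and its confirmation match and respect the 24–64 character bound; otherwise it returns the user-facing message and false.` Hoisting the 24/64 and 6/32 bounds into named constants used by both the condition and the message would keep the two from drifting apart.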
107 changes: 107 additions & 0 deletions db/users/utils_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,107 @@
package users_test
sc-david-voisin marked this conversation as resolved.

import (
"testing"

"github.com/stretchr/testify/assert"

"github.com/Scalingo/cli/db/users"
)

func Test_IsPasswordValid(t *testing.T) {
testPasswords := map[string]struct {
password string
confirmation string
expectedValidity bool
expectedMessage string
}{
"empty": {
password: "",
confirmation: "",
expectedValidity: true,
expectedMessage: "",
},
"confirmation doesn't match": {
password: "abc",
confirmation: "aBc",
expectedValidity: false,
expectedMessage: "Password confirmation doesn't match",
},
"too short": {
password: "123456789a123456789b123",
confirmation: "123456789a123456789b123",
expectedValidity: false,
expectedMessage: "Password must contain between 24 and 64 characters",
},
"too long": {
password: "123456789a123456789b123456789c123456789d123456789e123456789f12345",
confirmation: "123456789a123456789b123456789c123456789d123456789e123456789f12345",
expectedValidity: false,
expectedMessage: "Password must contain between 24 and 64 characters",
},
"valid, short password": {
password: "123456789a123456789b1234",
confirmation: "123456789a123456789b1234",
expectedValidity: true,
expectedMessage: "",
},
"valid, log password ": {
password: "123456789a123456789b123456789c123456789d123456789e123456789f1234",
confirmation: "123456789a123456789b123456789c123456789d123456789e123456789f1234",
expectedValidity: true,
expectedMessage: "",
},
}

for name, testCase := range testPasswords {
t.Run(name, func(t *testing.T) {
message, isValid := users.IsPasswordValid(testCase.password, testCase.confirmation)

assert.Equal(t, testCase.expectedValidity, isValid)
assert.Equal(t, testCase.expectedMessage, message)
})
}
}

func Test_IsUsernameValid(t *testing.T) {
testPasswords := map[string]struct {
username string
expectedValidity bool
expectedMessage string
}{
"empty": {
username: "",
expectedValidity: false,
expectedMessage: "Name must contain between 6 and 32 characters",
},
"too short": {
username: "12345",
expectedValidity: false,
expectedMessage: "Name must contain between 6 and 32 characters",
},
"too long": {
username: "123456789a123456789b123456789c123",
expectedValidity: false,
expectedMessage: "Name must contain between 6 and 32 characters",
},
"valid, short username": {
username: "123456",
expectedValidity: true,
expectedMessage: "",
},
"valid, long username": {
username: "123456789a123456789b123456789c12",
expectedValidity: true,
expectedMessage: "",
},
}

for name, testCase := range testPasswords {
t.Run(name, func(t *testing.T) {
message, isValid := users.IsUsernameValid(testCase.username)

assert.Equal(t, testCase.expectedValidity, isValid)
assert.Equal(t, testCase.expectedMessage, message)
})
}
}
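Review bot: The test name `"valid, log password "` has a typo and a trailing space, and the table in Test_IsUsernameValid is named `testPasswords` although it holds usernames; `"valid, long password"` and `testUsernames` read correctly in `go test -run` output and in the loop. Coverage of the boundaries (23/24/64/65 and 5/6/32/33) is good; a case built from multi-byte characters, such as a 24-rune password containing `é`, would also pin down whether the bound is meant in bytes or characters, which the current ASCII-only inputs cannot distinguish.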