Add the minimum password length requirements (#610)

someengineering · Sep 3, 2024 · 5f3ae90 · 5f3ae90
1 parent b1ed287
commit 5f3ae90
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 10 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -8,7 +8,7 @@
 	// Features to add to the dev container. More info: https://containers.dev/features.
 	"features": {
 		"ghcr.io/devcontainers-contrib/features/poetry:2": {},
-		"ghcr.io/devcontainers-contrib/features/node-asdf:0": {},
+		"ghcr.io/devcontainers/features/node:1": {},
 	},
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
 	// This can be used to network with other containers or the host.

diff --git a/fixbackend/auth/user_manager.py b/fixbackend/auth/user_manager.py
@@ -17,9 +17,10 @@
 import re
 import secrets
 from concurrent.futures import ProcessPoolExecutor
-from typing import Annotated, Any, Optional, Tuple
+from typing import Annotated, Any, Optional, Tuple, Union
 from uuid import UUID
 
+import fastapi_users
 import pyotp
 from fastapi import Depends, Request
 from fastapi_users import BaseUserManager, exceptions
@@ -28,7 +29,7 @@
 from starlette.responses import Response
 
 from fixbackend.auth.models import User
-from fixbackend.auth.schemas import OTPConfig
+from fixbackend.auth.schemas import OTPConfig, UserCreate
 from fixbackend.auth.user_repository import UserRepository
 from fixbackend.auth.user_verifier import AuthEmailSender
 from fixbackend.config import Config
@@ -285,6 +286,19 @@ async def check_otp(self, user: User, otp: Optional[str], recovery_code: Optiona
             return await self.user_repository.delete_recovery_code(user.id, recovery_code, self.password_helper)
         return False
 
+    async def validate_password(self, password: str, user: Union[UserCreate, User]) -> None:  # type: ignore
+        if len(password) < 16:
+            raise fastapi_users.InvalidPasswordException(reason="Password is too short. Minimum length: 16 characters.")
+
+        if not re.search(r"[A-Z]", password):
+            raise fastapi_users.InvalidPasswordException(reason="Password must contain at least one uppercase letter.")
+
+        if not re.search(r"[a-z]", password):
+            raise fastapi_users.InvalidPasswordException(reason="Password must contain at least one lowercase letter.")
+
+        if not re.search(r"[0-9]", password):
+            raise fastapi_users.InvalidPasswordException(reason="Password must contain at least one digit.")
+
 
 def get_password_helper(deps: FixDependency) -> PasswordHelperProtocol | None:
     return deps.service(ServiceNames.password_helper, PasswordHelper)

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "devDependencies": {
     "daisyui": "^4.10.2",
-    "tailwindcss": "^3.4.3"
+    "tailwindcss": "^3.4.10"
   }
 }
diff --git a/tests/fixbackend/auth/router_test.py b/tests/fixbackend/auth/router_test.py
@@ -165,7 +165,7 @@ async def test_registration_flow(
     role_repo = fix_deps.add(ServiceNames.role_repository, InMemoryRoleRepository())
     registration_json = {
         "email": "[email protected]",
-        "password": "changeme",
+        "password": "changeMe123456789",
     }
 
     # register user
@@ -249,7 +249,7 @@ async def test_mfa_flow(
     verifier = fix_deps.service(ServiceNames.auth_email_sender, InMemoryVerifier)
 
     # register user
-    registration_json = {"email": "[email protected]", "password": "changeme"}
+    registration_json = {"email": "[email protected]", "password": "changeMe123456789"}
     response = await api_client.post("/api/auth/register", json=registration_json)
     assert response.status_code == 201