feat(api): enforce password validation on reset and update flows

Add bcrypt_password validation to password reset and update endpoints:
- Add validation tag to PasswordReset.NewPassword struct field
- Add validation tag to UserPassword.NewPassword struct field
- Add c.Validate() calls in both handlers
- Fix off-by-one error in bcrypt_password validator (use <= 72 not < 72)

Password requirements: min 8 chars, max 72 bytes (bcrypt limit)
kolaente
2026-02-25 13:34:55 +01:00
parent 39da47e435
commit 89c17d3b23
4 changed files with 13 additions and 3 deletions

@@ -27,7 +27,7 @@ type PasswordReset struct {
// The previously issued reset token.
Token string `json:"token"`
// The new password for this user.
NewPassword string `json:"new_password"`
NewPassword string `json:"new_password" valid:"bcrypt_password" minLength:"8" maxLength:"72"`
}
// ResetPassword resets a users password. It returns the ID of the user whose
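
Review bot: the new `NewPassword` tag gives `maxLength:"72"`, which reads as a character count, while the commit message states the bcrypt limit as 72 bytes; a password made of multi-byte UTF-8 characters can be under 72 characters and still exceed 72 bytes. Please confirm that the `bcrypt_password` validator compares the byte length (`len(s)` in Go) rather than the rune count, and say "72 bytes" in the field comment so API clients do not size their own checks in characters. If `minLength` and `maxLength` are documentation-only tags, enforcement rests entirely on `valid:"bcrypt_password"` plus the `c.Validate()` call in the handler, so a test that sends an over-limit multi-byte password and a 7-character password to the reset endpoint would pin both bounds. `Token` in the same struct carries no validation tag; an empty-token check at this layer may be worth adding if the handler does not already reject it.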