github-starred/vikunja
2
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-03-25 16:01:22 -05:00
Code Issues 447 Packages Projects Releases 9 Wiki Activity
Files
codex/add-task-sorting-functionality
vikunja/pkg/user/validator.go
kolaente 89c17d3b23 feat(api): enforce password validation on reset and update flows 
Add bcrypt_password validation to password reset and update endpoints:
- Add validation tag to PasswordReset.NewPassword struct field
- Add validation tag to UserPassword.NewPassword struct field
- Add c.Validate() calls in both handlers
- Fix off-by-one error in bcrypt_password validator (use <= 72 not < 72)

Password requirements: min 8 chars, max 72 bytes (bcrypt limit)
2026-02-25 13:44:56 +01:00

62 lines
1.8 KiB
Go
Raw Permalink Blame History

// Vikunja is a to-do list application to facilitate your life.
// Copyright 2018-present Vikunja and contributors. All rights reserved.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package user
import (
"regexp"
"strings"
"code.vikunja.io/api/pkg/i18n"
"github.com/asaskevich/govalidator"
)
func init() {
govalidator.TagMap["username"] = func(i string) bool {
// To avoid making this overly complicated, we only check a few things:
// 1. No Spaces
// 2. Should not look like an url
// 3. Should not contain , (because then it will be impossible to search for)
// 4. Should not start with link-share-[NUMBER] (reserved for link sharing system)
if govalidator.HasWhitespace(i) {
return false
}
if govalidator.IsURL(i) {
return false
}
if strings.Contains(i, ",") {
return false
}
// Check if username matches the reserved link-share pattern
linkSharePattern := regexp.MustCompile(`^link-share-\d+$`)
return !linkSharePattern.MatchString(i)
}
govalidator.TagMap["bcrypt_password"] = func(str string) bool {
if len(str) < 8 {
return false
}
return len([]byte(str)) <= 72
}
govalidator.TagMap["language"] = i18n.HasLanguage
}
Reference in New Issue View Git Blame Copy Permalink