mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-02-03 23:00:14 -05:00
c8cbbc4eb6
refs #9150 - Moves the password length fn from `models/user` to `data/validation` where the other validator functions live. - Added password validation rules. Password rules added: - Disallow obviously bad passwords: '1234567890', 'qwertyuiop', 'asdfghjkl;' and 'asdfghjklm' for example - Disallow passwords that contain the words 'password' or 'ghost' - Disallow passwords that match the user's email address - Disallow passwords that match the blog domain or blog title - Disallow passwords that include 50% or more of the same characters: 'aaaaaaaaaa', '1111111111' and 'ababababab' for example. - Password validation returns an `Object` now, that includes an `isValid` and `message` property to differentiate between the two error messages (password too short or password insecure). - Use a catch predicate in `api/authentication` on `passwordReset`, so the correct `ValidationError` will be thrown during the password reset flow rather then an `UnauthorizedError`. - When in setup flow, the blog title is not available yet from `settingsCache`. We therefore supply it from the received form data in the user model `setup` method to have it accessible for the validation. |
||
|---|---|---|
| .. | ||
| adapters | ||
| api | ||
| auth | ||
| config | ||
| controllers | ||
| data/importer | ||
| helpers | ||
| metadata | ||
| middleware | ||
| models/base | ||
| models_plugins | ||
| permissions | ||
| services | ||
| settings | ||
| sitemap | ||
| themes | ||
| utils | ||
| admin_spec.js | ||
| apps_filters_spec.js | ||
| apps_spec.js | ||
| errors_spec.js | ||
| exporter_spec.js | ||
| filters_spec.js | ||
| ghost_sdk_spec.js | ||
| migration_fixture_utils_spec.js | ||
| migration_spec.js | ||
| rss_spec.js | ||
| server_utils_spec.js | ||
| social-urls_spec.js | ||
| utils_pipeline_spec.js | ||
| validation_spec.js | ||