AshAuthentication.Strategy.Password should allow configuration of what should be considered a valid password. #497

Open
zorn opened this issue Oct 31, 2023 · 4 comments
zorn commented Oct 31, 2023

I'm using AshAuthentication.Strategy.Password in my app and was interested in customizing the default 8 character requirement of a password. I am interested in having it be 20. To the best of my early research, I could not find a way to change or influence the current 8 character setting.

I started asking questions on the forum, and there seemed to be interest in expanding the customizations of the Password strategy so I'm making this new issue to help center discussion and efforts toward this new logic.

https://elixirforum.com/t/is-there-a-way-for-me-to-customize-the-default-password-length-requirement-while-using-the-password-strategy-of-ash-authentication/59329/1

@jimsynz jimsynz self-assigned this Oct 31, 2023
@jimsynz jimsynz added enhancement New feature or request good first issue Good for newcomers labels Oct 31, 2023
zachdaniel (Collaborator) commented

Yeah, this one is pretty interesting. I think the password validation should maybe be simplified to a single module/function, with the default being one that validates the length, i.e.

```elixir
password do
  ...
  password_validator PasswordValidator
end
```

```elixir
defmodule PasswordValidator do
  def validate(password) do
    with :ok <- validate_length(password),
         :ok <- validate_characters(password) do
      :ok
    end
  end

  ...
end
```

jimsynz (Collaborator) commented Nov 13, 2023

Yeah, that makes sense. We could have a behaviour like the password hashing behaviour.

@jimsynz jimsynz added this to the 4.0 milestone Nov 15, 2023
wintermeyer (Contributor) commented

@zachdaniel @jimsynz I have a similar problem. I want to check for a minimum password length of 9 and I want to check if that password is in a table with bad passwords (e.g. "111111111"). Is there some workaround which I can use right away?

zachdaniel (Collaborator) commented

I believe you can add a global validation.

```elixir
validations do
  validate ValidatePassword, where: [action_is([:register, :change_password])] # whatever your actions are called
end
```

Then you can match on the changeset to see what argument/value you should check.
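
One way to write the `ValidatePassword` module for the case raised in this thread (minimum length of 9 plus a bad-password list), added here as an example and not code from AshAuthentication or from the commenters. It assumes the Ash 2.x `validate/2` callback (Ash 3.x passes a third context argument), an action argument named `:password`, and a constructed in-module deny list standing in for the table of bad passwords.

```elixir
defmodule ValidatePassword do
  @moduledoc """
  Added example: global validation enforcing a password policy.
  Assumes the action takes a `:password` argument (assumption, adjust to your actions).
  """
  use Ash.Resource.Validation

  @min_length 9
  # Constructed sample deny list; a real one would be loaded from a table or file.
  @denied MapSet.new(["111111111", "123456789", "password1"])

  @impl true
  def validate(changeset, _opts) do
    case Ash.Changeset.get_argument(changeset, :password) do
      # No password supplied: leave presence checks to the action's own
      # argument constraints and only judge values that are present.
      nil -> :ok
      password when is_binary(password) -> check(password)
    end
  end

  @doc "Pure policy check, callable without a changeset (e.g. from unit tests)."
  def check(password) do
    with :ok <- validate_length(password),
         :ok <- validate_not_denied(password) do
      :ok
    end
  end

  # String.length/1 counts graphemes, so multi-byte characters count once.
  defp validate_length(password) do
    if String.length(password) >= @min_length do
      :ok
    else
      {:error, field: :password, message: "must be at least #{@min_length} characters"}
    end
  end

  defp validate_not_denied(password) do
    if MapSet.member?(@denied, password) do
      {:error, field: :password, message: "is too commonly used"}
    else
      :ok
    end
  end
end
```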
