Neil Lalonde
6f747c6b71
FIX: don't allow username to be changed to same as password
...
We were blocking user registrations with same username and password,
but allowing usernames to be changed to be same as password later.
Also disallow names to be the same as password.
2019-05-13 16:43:40 -04:00
Sam Saffron
30990006a9
DEV: enable frozen string literal on all files
...
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.
Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Vinoth Kannan
7f2eeaf767
FIX: Password required flag should be cleared whenever clearing the raw password ( #5384 )
2017-12-01 15:19:24 +11:00
Sam
dacfdd4dc8
use chars as opposed to split
2017-02-14 09:40:15 -05:00
Sam
8feb94e13f
FIX: password validator was being too strict
2017-02-14 09:18:04 -05:00
Neil Lalonde
94e1105af7
fix unique char counting in password validator
2017-02-10 10:38:17 -05:00
Neil Lalonde
1bcb835446
FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting
2017-02-09 15:00:22 -05:00
Neil Lalonde
7a81669c18
SECURITY: don't allow re-using the current password during password reset
2016-08-24 12:27:21 -04:00
Arpit Jalan
36f82aa68c
FEATURE: enforce admin password validation when signing up via developer email
2016-03-04 00:28:47 +05:30
Arpit Jalan
50e65634d7
FEATURE: new setting min_admin_password_length and better default
2016-03-02 14:43:26 +05:30
bgr11n
53fb84baa3
fixed password validator on equality with email
2016-01-05 22:43:11 +02:00
Neil Lalonde
c04b214910
FEATURE: don't allow username and email to be the same
2015-02-27 13:47:43 -05:00
Neil Lalonde
cf81b3f86d
FEATURE: don't allow username and password to be the same
2015-02-25 12:00:13 -05:00
Neil Lalonde
ab12695d63
Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature.
2013-12-27 11:00:21 -05:00
Neil Lalonde
854d9c8fc6
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length.
2013-12-19 16:15:47 -05:00
Neil Lalonde
33c6997ded
Move password validation into PasswordValidator
2013-12-19 16:15:47 -05:00