Skip to content

Add password complexity to application settings on backend

related to !82798 (merged)

Related to #354965 (closed) Related to #348484 (closed)

What does this MR do and why?

Adding password complexity configuration fields to the Sign-up restrictions on General Settings page. This MR only includes backend implementation, frontend part can be found in this MR !86852 (merged).

This MR also exposes the complexity settings to /api/v4/application/settings api.

Proposal

To make this feature available, the following changes should be applied to Application Settings

  • Push licensed feature password_complexity to general action to let frontend know whether it has this licensed feature
  • Add password complexity config fields to signup_form components, so we can update these settings on General Settings page.
  • Put rules to Gon for frontend form validation in this MR
  • Expose complexity settings to api
  • Update api docs

Screenshots or screen recordings

NO UI changes

How to set up and validate locally

With license

  1. Given a GitLab instance with premium license
  2. And update complexity settings in Postman {{APP_PATH}}/api/v4/application/settings
  3. Then you should see the complexity settings are updated.

Without license

  1. Given a GitLab instance WITHOUT license
  2. And update complexity settings in Postman {{APP_PATH}}/api/v4/application/settings
  3. Then you should NOT see the complexity settings are updated.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

/cc @prajnamas

Edited by Hannah Sutor

Merge request reports

Loading