Add frontend form password complexity validation
What does this MR do and why?
Closes #358669 (closed). Related to #348484 (closed).
These 5 password-setting pages will be affected:
- User registration page
http://{{YOUR_HOST}}/users/sign_up
- User profile page
http://{{YOUR_HOST}}/-/profile/password/edit
- User setting new password page
http://{{YOUR_HOST}}/-/profile/password/new
- Admin editing user profile page
http://{{YOUR_HOST}}/admin/users/{{USER_NAME}}/edit
- User forgot and reset password page
http://{{YOUR_HOST}}//users/password/edit?reset_password_token={{YOUR_RESET_TOKEN}}
Screenshots or screen recordings
match no rule before submit
match some rule before submit
match no rule after submit
match some rule after submit
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
Example below:
1. Apply the patch to ee/app/helpers/ee/auth_helper.rb:
Index: ee/app/helpers/ee/auth_helper.rb
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/ee/app/helpers/ee/auth_helper.rb b/ee/app/helpers/ee/auth_helper.rb
--- a/ee/app/helpers/ee/auth_helper.rb (revision bd192021e565a0fecaa2c47bd0dabc4dc0746beb)
+++ b/ee/app/helpers/ee/auth_helper.rb (date 1655526411631)
@@ -44,12 +44,12 @@
override :password_rule_list
def password_rule_list
- if ::License.feature_available?(:password_complexity)
+ if true
rules = []
- rules << :number if ::Gitlab::CurrentSettings.password_number_required?
- rules << :lowercase if ::Gitlab::CurrentSettings.password_lowercase_required?
- rules << :uppercase if ::Gitlab::CurrentSettings.password_uppercase_required?
- rules << :symbol if ::Gitlab::CurrentSettings.password_symbol_required?
+ rules << :number
+ rules << :lowercase
+ rules << :uppercase
+ rules << :symbol
rules
end
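Review bot: with `if true` in place of `::License.feature_available?(:password_complexity)` and all four `rules << ...` lines made unconditional, this local setup only exercises the form with every rule enabled, so a configuration where only some of number, lowercase, uppercase and symbol are required is never rendered. Consider stubbing only the license check and keeping the `::Gitlab::CurrentSettings.password_*_required?` guards, so the rule list shown on the form follows the admin settings and each toggle can be checked on its own. Since the hunk removes the license gate entirely, it should also be stated explicitly that this is a throwaway validation patch and must not be included in the MR's commits.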
Or merge !85763 (merged) and !86852 (merged), browse locally with the password_complexity feature enabled in a premium license, and set password complexity at http://127.0.0.1:3000/admin/application_settings/general
- Go to the registration page and the edit password page; the password complexity validation will show on the form.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
cc. @daveliu
Edited by Kun Qian