fix(auth): relax password complexity requirements to suggestions-only #5764
ajnart wants to merge 6 commits into
…lax password rules
Session creation failed with NOT NULL constraint on expires column due to invalid date propagation from duration parsing. Override adapter.createSession with validated insert, harden signIn callback, fix createDurationSchema for numeric-only values, and guard events.ts group insert. Also relaxes password complexity to suggestions-only (min 8 chars enforced), extracts shared UserCreatePasswordFields component, and fixes login form passing extra fields to signIn.
manuel-rw left a comment
generally looks good to me, but @Meierschlumpf should review your redis changes

I never had such an issue, can you explain the way to reproduce the sqlite issue?

@Meierschlumpf I honestly couldn't reproduce it again either, and AUTH_SESSION_EXPIRY_TIME fell back to the default "30d". The createDurationSchema issue covers the case where someone passes a bare number (e.g. "86400"), but that wasn't the trigger here. I had this issue consistently at the time of the PR but I am not able to reproduce it anymore on the :latest image. 🤷🏻‍♂️ At that time, I was doing a git stash and applying it to get the app working locally. We can disregard the changes to this if it's not relevant, but it might save someone that has a weird issue like mine. Perhaps it's a strange macOS issue/a package update fixed it. We can only keep the password-related changes if you think that's better.

Okay understand, thanks

…equirement relaxation
Remove redundant tests, rename requirement translations to suggestion for clearer i18n, simplify password input state and requirement display.
Summary
Relaxes password complexity validation to suggestions-only while keeping the minimum 8-character requirement enforced.
Changes
- `userPasswordSchema` now only enforces `min(8).max(255)` — no more rejection for missing uppercase, lowercase, number, or special chars
- `UserCreatePasswordFields` shared component used in onboarding and user management
- `CustomPasswordInput`
Test plan
- `LoveHomarr<3` hashes correctly with bcrypt
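
The suggestions-only policy described in the summary above, as an added example that is not part of this PR or the project's code: only the 8 to 255 length bound rejects a password, while the four character classes are reported as unmet suggestions. The function name, result shape, regexes and the bcrypt 72-byte note are assumptions of this example; it uses plain JavaScript rather than the project's schema library.

```javascript
// Added example (not the project's code): suggestions-only password evaluation.
// Enforced rule taken from the PR description: length between 8 and 255.
const MIN_LENGTH = 8;
const MAX_LENGTH = 255;
// General bcrypt property, not stated on the page: input past 72 bytes is
// commonly ignored by bcrypt implementations, so it adds no strength.
const BCRYPT_MAX_BYTES = 72;

// Advisory checks only: the four classes the PR says no longer cause rejection.
// The regexes are this example's choice (Unicode-aware), not the project's.
const SUGGESTIONS = [
  { id: "uppercase", test: (pw) => /\p{Lu}/u.test(pw) },
  { id: "lowercase", test: (pw) => /\p{Ll}/u.test(pw) },
  { id: "number", test: (pw) => /\p{Nd}/u.test(pw) },
  { id: "special", test: (pw) => /[^\p{L}\p{N}\s]/u.test(pw) },
];

function evaluatePassword(password) {
  if (typeof password !== "string") {
    return { accepted: false, errors: ["not_a_string"], unmetSuggestions: [], notes: [] };
  }

  // Hard failures: the only conditions that reject the password.
  // .length counts UTF-16 code units (assumed to match the schema's min/max unit).
  const errors = [];
  if (password.length < MIN_LENGTH) errors.push("too_short");
  if (password.length > MAX_LENGTH) errors.push("too_long");

  // Soft feedback: shown to the user, never blocks submission.
  const unmetSuggestions = SUGGESTIONS.filter((s) => !s.test(password)).map((s) => s.id);

  // A password can pass the 255-character bound and still exceed 72 UTF-8 bytes.
  const notes = [];
  const byteLength = new TextEncoder().encode(password).length;
  if (byteLength > BCRYPT_MAX_BYTES) notes.push("exceeds_bcrypt_72_bytes");

  return { accepted: errors.length === 0, errors, unmetSuggestions, notes };
}
```
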