Merge pull request #76 from icecream78/feature/password-config

Feature/password config

Author: awalias

api/admin.go

@@ -3,12 +3,13 @@ package api
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"net/http"
 
 	"github.com/go-chi/chi"
+	"github.com/gofrs/uuid"
 	"github.com/netlify/gotrue/models"
 	"github.com/netlify/gotrue/storage"
-	"github.com/gofrs/uuid"
 )
 
 type adminUserParams struct {
@@ -94,6 +95,7 @@ func (a *API) adminUserUpdate(w http.ResponseWriter, r *http.Request) error {
 	adminUser := getAdminUser(ctx)
 	instanceID := getInstanceID(ctx)
 	params, err := a.getAdminParams(r)
+	config := getConfig(ctx)
 	if err != nil {
 		return err
 	}
@@ -112,6 +114,10 @@ func (a *API) adminUserUpdate(w http.ResponseWriter, r *http.Request) error {
 		}
 
 		if params.Password != "" {
+			if len(params.Password) < config.PasswordMinLength {
+				return fmt.Errorf("Password should be at least %d characters", config.PasswordMinLength)
+			}
+
 			if terr := user.UpdatePassword(tx, params.Password); terr != nil {
 				return terr
 			}

api/signup.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"net/http"
 
 	"github.com/netlify/gotrue/metering"
@@ -40,6 +41,10 @@ func (a *API) Signup(w http.ResponseWriter, r *http.Request) error {
 	if params.Password == "" {
 		return unprocessableEntityError("Signup requires a valid password")
 	}
+	if len(params.Password) < config.PasswordMinLength {
+		return unprocessableEntityError(fmt.Sprintf("Password should be at least %d characters", config.PasswordMinLength))
+	}
+
 	if err := a.validateEmail(ctx, params.Email); err != nil {
 		return err
 	}

api/user.go

@@ -2,11 +2,12 @@ package api
 
 import (
 	"encoding/json"
+	"fmt"
 	"net/http"
 
+	"github.com/gofrs/uuid"
 	"github.com/netlify/gotrue/models"
 	"github.com/netlify/gotrue/storage"
-	"github.com/gofrs/uuid"
 )
 
 // UserUpdateParams parameters for updating a user
@@ -80,6 +81,10 @@ func (a *API) UserUpdate(w http.ResponseWriter, r *http.Request) error {
 	err = a.db.Transaction(func(tx *storage.Connection) error {
 		var terr error
 		if params.Password != "" {
+			if len(params.Password) < config.PasswordMinLength {
+				return unprocessableEntityError(fmt.Sprintf("Password should be at least %d characters", config.PasswordMinLength))
+			}
+
 			if terr = user.UpdatePassword(tx, params.Password); terr != nil {
 				return internalServerError("Error during password storage").WithInternalError(terr)
 			}

conf/configuration.go

@@ -109,14 +109,15 @@ type MailerConfiguration struct {
 
 // Configuration holds all the per-instance configuration.
 type Configuration struct {
-	SiteURL       string                `json:"site_url" split_words:"true" required:"true"`
-	JWT           JWTConfiguration      `json:"jwt"`
-	SMTP          SMTPConfiguration     `json:"smtp"`
-	Mailer        MailerConfiguration   `json:"mailer"`
-	External      ProviderConfiguration `json:"external"`
-	DisableSignup bool                  `json:"disable_signup" split_words:"true"`
-	Webhook       WebhookConfig         `json:"webhook" split_words:"true"`
-	Cookie        struct {
+	SiteURL           string                `json:"site_url" split_words:"true" required:"true"`
+	PasswordMinLength int                   `json:"password_min_length" default:"6"`
+	JWT               JWTConfiguration      `json:"jwt"`
+	SMTP              SMTPConfiguration     `json:"smtp"`
+	Mailer            MailerConfiguration   `json:"mailer"`
+	External          ProviderConfiguration `json:"external"`
+	DisableSignup     bool                  `json:"disable_signup" split_words:"true"`
+	Webhook           WebhookConfig         `json:"webhook" split_words:"true"`
+	Cookie            struct {
 		Key      string `json:"key"`
 		Duration int    `json:"duration"`
 	} `json:"cookies"`

hack/test.env

@@ -4,7 +4,7 @@ GOTRUE_JWT_AUD=api.netlify.com
 GOTRUE_DB_DRIVER=mysql
 GOTRUE_DB_AUTOMIGRATE=true
 GOTRUE_DB_NAMESPACE=test
-DATABASE_URL="root@tcp(127.0.0.1:3306)/gotrue_test?parseTime=true&sql_mode=TRADITIONAL"
+DATABASE_URL="root@tcp(127.0.0.1:3306)/gotrue_test?parseTime=true&sql_mode=TRADITIONAL&multiStatements=true"
 GOTRUE_API_HOST=localhost
 PORT=9999
 GOTRUE_LOG_LEVEL=debug