-
Notifications
You must be signed in to change notification settings - Fork 348
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: magiclink failing due to passwordStrength check #1769
base: master
Are you sure you want to change the base?
Conversation
deb465d
to
07a44bc
Compare
999c09e
to
fb1a58c
Compare
Pull Request Test Coverage Report for Build 10800290811Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
// parseGroups processes the required character groups from a slice of strings. | ||
func parseGroups(requiredChars []string) []string { | ||
var groups []string | ||
groups = append(groups, requiredChars...) | ||
return groups | ||
} | ||
|
||
func GeneratePassword(requiredChars []string, length int) (string, error) { | ||
groups := parseGroups(requiredChars) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can reference the parameter directly since we don't mutate the slice.
// parseGroups processes the required character groups from a slice of strings. | |
func parseGroups(requiredChars []string) []string { | |
var groups []string | |
groups = append(groups, requiredChars...) | |
return groups | |
} | |
func GeneratePassword(requiredChars []string, length int) (string, error) { | |
groups := parseGroups(requiredChars) | |
func GeneratePassword(requiredChars []string, length int) (string, error) { |
passwordBuilder.Grow(length) | ||
|
||
// Add required characters | ||
for _, group := range groups { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
for _, group := range groups { | |
for _, group := range requiredChars { |
} | ||
|
||
// Define a default character set for random generation (if needed) | ||
allChars := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
allChars := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" | |
const allChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we can move this into internal/crypto/password.go
I think the change will look good to me. A unit test would be a nice addition if time permits.
What kind of change does this PR introduce?
Bug fix
What is the current behavior?
#1761
What is the new behavior?
Now the password should generate secure enough with the necessary password requirements specified in environment variables.
Additional context
Basically this line in /internal/api/magic_link.go
password.Generate(64, 10, 1, false, true)
Generates an invalid value for this line in /internal/api/signup.go
if err := a.checkPasswordStrength(ctx, p.Password); err != nil {