Conversation
- Add password validation using zxcvbn in UserValidationModel and UserPasswordCheckValidationModel - Implement minimum password length enforcement (8 characters) - Add password complexity validation to CLI commands (install and create user) - Create validate_password_zxcvbn utility function - Simplify password check API to rely on validation models - Ensure password policies are enforced in admin dashboard and user management
level09
requested changes
Jul 8, 2025
Collaborator
level09
left a comment
There was a problem hiding this comment.
In addition to the comments, we can update the password reset cli command to also use our centralized validation :
try:
password = validate_password_policy(password)
except ValueError as e:
click.echo(str(e))
logger.error(str(e))
return
enferno/utils/validation_utils.py
Outdated
| if not (p := p.strip()): | ||
| raise ValueError("Password cannot be empty!") | ||
| # validate length | ||
| min_length = getattr(cfg, "SECURITY_PASSWORD_MIN_LENGTH", 8) |
Collaborator
There was a problem hiding this comment.
- The config variable name is incorrect, causing it to always use the default value of 8
- we don't need a fallback value, the configuration variable should always be set and it has the fallback value of 10
tarekio
approved these changes
Jul 17, 2025
## Jira Issue 1. [BYNT-1386](https://syriajustice.atlassian.net/browse/BYNT-1386) ## Description Add password validations checks to change_password.html and users.html ## Checklist - [ ] Tests added/updated - [ ] Documentation updated (if needed) - [ ] New strings prepared for translations ## API Changes (if applicable) - [ ] Permissions checked - [ ] Endpoint tests added ## Additional Notes [Any other relevant information] [BYNT-1386]: https://syriajustice.atlassian.net/browse/BYNT-1386?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Jira Issue
Description
Checklist
API Changes (if applicable)
Additional Notes
[Any other relevant information]