import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { first } from "@goauthentik/common/utils";
import "@goauthentik/elements/forms/FormGroup";
import "@goauthentik/elements/forms/HorizontalFormElement";
import { ModelForm } from "@goauthentik/elements/forms/ModelForm";

import { msg } from "@lit/localize";
import { TemplateResult, html } from "lit";
import { customElement, state } from "lit/decorators.js";
import { ifDefined } from "lit/directives/if-defined.js";

import { PasswordPolicy, PoliciesApi } from "@goauthentik/api";

/**
 * Form for creating or editing a PasswordPolicy, registered as the custom
 * element "ak-policy-password-form".
 *
 * This file only edits policy settings and sends them through PoliciesApi;
 * nothing here evaluates a password.
 *
 * Layout, as far as this listing shows:
 * - renderForm() emits the general help texts and then each settings group
 *   only while its matching show* flag is true.
 * - renderStaticRules(), renderHIBP() and renderZxcvbn() emit the
 *   "Static rules", "HaveIBeenPwned settings" and "zxcvbn settings" groups.
 *
 * Points a reviewer of a deployed policy would want to check (taken from the
 * help texts below, not from field definitions, which are not visible here):
 * - zxcvbn: the policy fails when the score is less than or equal to the
 *   configured value, and the documented scores run from 0 to 4. The value is
 *   therefore an exclusive lower bound; read literally, a value of 4 would
 *   fail every password. Confirm the bounds on the input.
 * - HIBP: the value is a tolerance ("allow up to N occurrences"), so 0 is the
 *   strictest setting. The default is not visible here; confirm it.
 *
 * NOTE(review): ModelForm and Promise appear without type arguments and the
 * HTML inside the html templates appears to be missing (only the msg(...)
 * help texts and a fragment of one attribute remain). Presumably lost when
 * the page was extracted; confirm against the upstream file before relying
 * on this listing.
 */
@customElement("ak-policy-password-form")
export class PasswordPolicyForm extends ModelForm {
    // Whether the "Static rules" group is rendered; on by default for a new policy.
    @state()
    showStatic = true;

    // Whether the "HaveIBeenPwned settings" group is rendered; off by default.
    @state()
    showHIBP = false;

    // Whether the "zxcvbn settings" group is rendered; off by default.
    @state()
    showZxcvbn = false;

    /**
     * Fetches the policy identified by pk and mirrors its three check flags
     * into the show* state so the matching groups are rendered.
     *
     * @param pk Passed to the API as policyUuid.
     * @returns The policy object returned by policiesPasswordRetrieve.
     */
    async loadInstance(pk: string): Promise {
        const policy = await new PoliciesApi(DEFAULT_CONFIG).policiesPasswordRetrieve({
            policyUuid: pk,
        });
        // A missing or falsy flag on the response is treated as "check disabled".
        this.showStatic = policy.checkStaticRules || false;
        this.showHIBP = policy.checkHaveIBeenPwned || false;
        this.showZxcvbn = policy.checkZxcvbn || false;
        return policy;
    }

    /**
     * @returns The localized "updated" message when an instance is loaded,
     * otherwise the localized "created" message.
     */
    getSuccessMessage(): string {
        if (this.instance) {
            return msg("Successfully updated policy.");
        } else {
            return msg("Successfully created policy.");
        }
    }

    /**
     * Submits the form data: an update when an instance is loaded, a create
     * otherwise.
     *
     * @param data The policy settings, sent as passwordPolicyRequest.
     * @returns The promise returned by the PoliciesApi call.
     */
    async send(data: PasswordPolicy): Promise {
        if (this.instance) {
            return new PoliciesApi(DEFAULT_CONFIG).policiesPasswordUpdate({
                // NOTE(review): an instance without a pk is sent with an empty
                // policyUuid; how the API treats that is not visible here - confirm.
                policyUuid: this.instance.pk || "",
                passwordPolicyRequest: data,
            });
        } else {
            return new PoliciesApi(DEFAULT_CONFIG).policiesPasswordCreate({
                passwordPolicyRequest: data,
            });
        }
    }

    // Renders the "Static rules" group. Only the tail of what looks like the
    // symbol character set default and its help text remain in this listing;
    // the inputs themselves are not visible - confirm against upstream.
    renderStaticRules(): TemplateResult {
        return html` ${msg("Static rules")}
?@[]^_`{|}~ ", )}" class="pf-c-form-control" required />

${msg("Characters which are considered as symbols.")}

`; } renderHIBP(): TemplateResult { return html` ${msg("HaveIBeenPwned settings")}

${msg("Allow up to N occurrences in the HIBP database.")}

`; } renderZxcvbn(): TemplateResult { return html` ${msg("zxcvbn settings")}

${msg( "If the password's score is less than or equal this value, the policy will fail.", )}

${msg("0: Too guessable: risky password. (guesses < 10^3)")}

${msg( "1: Very guessable: protection from throttled online attacks. (guesses < 10^6)", )}

${msg( "2: Somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)", )}

${msg( "3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)", )}

${msg( "4: Very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)", )}

`; } renderForm(): TemplateResult { return html` ${msg( "Checks the value from the policy request against several rules, mostly used to ensure password strength.", )}

${msg( "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.", )}

${msg("Field key to check, field keys defined in Prompt stages are available.")}

${msg("For more info see:")} haveibeenpwned.com

${msg("Password strength estimator created by Dropbox, see:")} dropbox/zxcvbn

${this.showStatic ? this.renderStaticRules() : html``} ${this.showHIBP ? this.renderHIBP() : html``} ${this.showZxcvbn ? this.renderZxcvbn() : html``}`; } }