habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,154 Commits 205 Branches 395 Tags
5156aeee0fb268b59bc571e1d4ea3d714f8c0e2a
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
sdimovv 5156aeee0f policies/password: Always add generic message to failing zxcvbn check (#4100) 
* Always add generic message to failing zxcvbn password policy

Depending on the settings, sometimes a password policy that checks a password with the zxcvbn tool can fail without any message.

For example:
```
$ echo  'Awdccdw1234' | zxcvbn | jq | grep "feedback" -A 5 -B 1
Password: 
  "score": 3,
  "feedback": {
    "warning": "",
    "suggestions": []
  }
}
```

As seen above the tool does not produce any warnings or suggestions for the given password, but if the password policy is set to have a zxcvbn threshold of 3, the policy will silently fail without communicating the reason to the user. 

There are two ways to handle this:
1. Always add a generic "password is too weak" message when the policy fails.
2. Check if there are any suggestions or warnings from the zxcvbn tool and only add the generic message if not.

I personally prefer 1. This way the generic message will  be shown whenever the policy fails, and will get combined with extra "tips" whenever zxcvbn has some.



Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Update authentik/policies/password/models.py

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Added test case

* fix black formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 07:58:16 +00:00
.github
ci: allow errors in migrate-from-stable for now
2022-11-14 21:52:31 +01:00
.vscode
blueprints: add desired state attribute to objects (#4061)
2022-11-22 14:27:20 +01:00
authentik
policies/password: Always add generic message to failing zxcvbn check (#4100)
2022-11-30 07:58:16 +00:00
blueprints
blueprints: add desired state attribute to objects (#4061)
2022-11-22 14:27:20 +01:00
cmd
root: make sentry DSN configurable (#4016)
2022-11-15 16:05:29 +01:00
internal
internal: reuse http transport to prevent leaking connections (#3996)
2022-11-25 18:24:01 +01:00
lifecycle
root: use single redis db (#4009)
2022-11-15 14:31:29 +01:00
locale
web/admin: clarify phrasing that user ID is required
2022-11-24 11:37:54 +01:00
scripts
root: update options for generating TS API (#3833)
2022-10-21 09:08:25 +02:00
tests
events: fix incorrect EventAction being used
2022-11-25 11:53:05 +01:00
web
web: bump @sentry/browser from 7.21.1 to 7.22.0 in /web (#4120)
2022-11-30 08:46:22 +01:00
website
website/docs: Change Kubernetes ingress apiVersion out of beta (#4099)
2022-11-28 16:42:59 +01:00
xml
*/saml: test against SAML Schema
2020-12-13 19:53:16 +01:00
.bumpversion.cfg
release: 2022.11.1
2022-11-22 21:42:10 +01:00
.dockerignore
root: add bundled docs
2021-07-13 11:06:51 +02:00
.editorconfig
repo cleanup, switch to new docker registry
2019-04-29 17:05:39 +02:00
.gitignore
root: add vscode tasks
2022-07-01 16:10:08 +02:00
CODE_OF_CONDUCT.md
root: rework and expand security policy
2022-11-28 12:10:53 +01:00
CONTRIBUTING.md
root: rework and expand security policy
2022-11-28 12:10:53 +01:00
docker-compose.yml
release: 2022.11.1
2022-11-22 21:42:10 +01:00
Dockerfile
root: include security policy in website container
2022-11-29 00:05:42 +01:00
go.mod
core: bump github.com/go-openapi/runtime from 0.24.2 to 0.25.0 (#4118)
2022-11-30 08:37:48 +01:00
go.sum
core: bump github.com/go-openapi/runtime from 0.24.2 to 0.25.0 (#4118)
2022-11-30 08:37:48 +01:00
ldap.Dockerfile
core: bump golang from 1.19.2-bullseye to 1.19.3-bullseye (#3925)
2022-11-01 23:26:17 +01:00
LICENSE
root: relicense and launch blog post
2022-11-03 16:00:00 +01:00
Makefile
root: use single redis db (#4009)
2022-11-15 14:31:29 +01:00
manage.py
root: update deprecation warnings
2022-11-25 11:47:28 +01:00
poetry.lock
core: bump pylint from 2.15.6 to 2.15.7 (#4124)
2022-11-30 08:36:14 +01:00
proxy.Dockerfile
core: bump golang from 1.19.2-bullseye to 1.19.3-bullseye (#3925)
2022-11-01 23:26:17 +01:00
pyproject.toml
release: 2022.11.1
2022-11-22 21:42:10 +01:00
README.md
root: rework and expand security policy
2022-11-28 12:10:53 +01:00
schema.yml
release: 2022.11.1
2022-11-22 21:42:10 +01:00
SECURITY.md
root: rework and expand security policy
2022-11-28 12:10:53 +01:00

README.md

authentik logo

Join Discord GitHub Workflow Status GitHub Workflow Status GitHub Workflow Status Code Coverage Docker pulls Latest version

What is authentik?

authentik is an open-source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols. authentik is also a great solution for implementing signup/recovery/etc in your application, so you don't have to deal with it.

Installation

For small/test setups it is recommended to use docker-compose, see the documentation

For bigger setups, there is a Helm Chart here. This is documented here

Screenshots

Light Dark

Development

See Development Documentation

Security

See SECURITY.md

Sponsors

This project is proudly sponsored by:

DigitalOcean provides development and testing resources for authentik.

Deploys by Netlify

Netlify hosts the goauthentik.io site.

Description
The authentication glue you need.
authenticationauthentikauthorizationkubernetesoauth2oauth2-clientoauth2-serveroidcoidc-clientoidc-providerproxyreverse-proxysamlsaml-idpsaml-spsecuritysso
Readme MIT 664 MiB
Languages
Python 51.7%
TypeScript 36.4%
MDX 5.1%
Go 3.7%
JavaScript 1.6%
Other 1.4%