fix(security): strengthen password policy
Increase minimum password length from 8 to 12 characters and require at least one uppercase letter, one lowercase letter, and one digit. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
9870fa7831
commit
7b0f3bc61d
1 changed files with 18 additions and 2 deletions
20
change.go
20
change.go
|
|
@ -4,11 +4,27 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"unicode"
|
||||||
)
|
)
|
||||||
|
|
||||||
func checkPasswdConstraint(password string) error {
|
func checkPasswdConstraint(password string) error {
|
||||||
if len(password) < 8 {
|
if len(password) < 12 {
|
||||||
return errors.New("too short, please choose a password at least 8 characters long.")
|
return errors.New("too short, please choose a password at least 12 characters long")
|
||||||
|
}
|
||||||
|
|
||||||
|
var hasUpper, hasLower, hasDigit bool
|
||||||
|
for _, r := range password {
|
||||||
|
switch {
|
||||||
|
case unicode.IsUpper(r):
|
||||||
|
hasUpper = true
|
||||||
|
case unicode.IsLower(r):
|
||||||
|
hasLower = true
|
||||||
|
case unicode.IsDigit(r):
|
||||||
|
hasDigit = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if !hasUpper || !hasLower || !hasDigit {
|
||||||
|
return errors.New("password must contain at least one uppercase letter, one lowercase letter, and one digit")
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue