diff --git a/internal/start/start.go b/internal/start/start.go index 231f5e818..defb8902a 100644 --- a/internal/start/start.go +++ b/internal/start/start.go @@ -462,13 +462,6 @@ EOF formatMapForEnvConfig(utils.Config.Auth.Sms.TestOTP, &testOTP) } - var password_requirements = map[config.PasswordRequirements]string{ - "": "", - "letters_digits": "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789", - "lower_upper_letters_digits": "abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789", - "lower_upper_letters_digits_symbols": "abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789:!@#$%^&*()_+-=[]{};'\\\\:\"|<>?,./`~", - } - env := []string{ "API_EXTERNAL_URL=" + utils.Config.Api.ExternalUrl, @@ -514,7 +507,7 @@ EOF "GOTRUE_SMS_TEST_OTP=" + testOTP.String(), fmt.Sprintf("GOTRUE_PASSWORD_MIN_LENGTH=%v", utils.Config.Auth.MinimumPasswordLength), - fmt.Sprintf("GOTRUE_PASSWORD_REQUIRED_CHARACTERS=%v", password_requirements[utils.Config.Auth.PasswordRequirements]), + fmt.Sprintf("GOTRUE_PASSWORD_REQUIRED_CHARACTERS=%v", utils.Config.Auth.PasswordRequirements.ToChar()), fmt.Sprintf("GOTRUE_SECURITY_REFRESH_TOKEN_ROTATION_ENABLED=%v", utils.Config.Auth.EnableRefreshTokenRotation), fmt.Sprintf("GOTRUE_SECURITY_REFRESH_TOKEN_REUSE_INTERVAL=%v", utils.Config.Auth.RefreshTokenReuseInterval), fmt.Sprintf("GOTRUE_SECURITY_MANUAL_LINKING_ENABLED=%v", utils.Config.Auth.EnableManualLinking), diff --git a/pkg/config/auth.go b/pkg/config/auth.go index a806555b9..77de76201 100644 --- a/pkg/config/auth.go +++ b/pkg/config/auth.go 
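Review bot: The string written to `GOTRUE_PASSWORD_REQUIRED_CHARACTERS` in the second start.go hunk (`@@ -514,7 +507,7 @@`) now comes from a generated `v1API` constant, and that constant's value is not visible in this diff. The removed map spelled the symbol class with an escaped colon (`\\\\:` in the Go literal), presumably because `:` separates character classes. If the API constant escapes the colon differently, the locally started auth container would enforce a different symbol set than before. A small table test that pins `ToChar()` output for each `PasswordRequirements` value against the expected env string would catch that. The enclosing function starts and ends outside the hunk.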
@@ -19,6 +19,30 @@ const ( LowerUpperLettersDigitsSymbols PasswordRequirements = "lower_upper_letters_digits_symbols" ) +func (r PasswordRequirements) ToChar() v1API.UpdateAuthConfigBodyPasswordRequiredCharacters { + switch r { + case LettersDigits: + return v1API.AbcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 + case LowerUpperLettersDigits: + return v1API.AbcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567891 + case LowerUpperLettersDigitsSymbols: + return v1API.AbcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567892 + } + return v1API.Empty +} + +func NewPasswordRequirement(c v1API.UpdateAuthConfigBodyPasswordRequiredCharacters) PasswordRequirements { + switch c { + case v1API.AbcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789: + return LettersDigits + case v1API.AbcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567891: + return LowerUpperLettersDigits + case v1API.AbcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567892: + return LowerUpperLettersDigitsSymbols + } + return NoRequirements +} + type ( auth struct { Enabled bool `toml:"enabled"` @@ -204,7 +228,7 @@ func (a *auth) ToUpdateAuthConfigBody() v1API.UpdateAuthConfigBody { DisableSignup: cast.Ptr(!a.EnableSignup), ExternalAnonymousUsersEnabled: &a.EnableAnonymousSignIns, PasswordMinLength: cast.UintToIntPtr(&a.MinimumPasswordLength), - PasswordRequiredCharacters: (*v1API.UpdateAuthConfigBodyPasswordRequiredCharacters)(&a.PasswordRequirements), + PasswordRequiredCharacters: cast.Ptr(a.PasswordRequirements.ToChar()), } a.Hook.toAuthConfigBody(&body) a.MFA.toAuthConfigBody(&body) 
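Review bot: Both converters added in the `@@ -19,6 +19,30 @@` hunk fall through to the weakest policy for any value they do not recognise: `ToChar` returns `v1API.Empty` and `NewPasswordRequirement` returns `NoRequirements`. Together with the `FromRemoteAuthConfig` hunk (`@@ -224,6 +248,9 @@`) and the `ToUpdateAuthConfigBody` hunk (`@@ -204,7 +228,7 @@`), a remote character set this CLI version does not know would be read back as no requirements. If that config is later pushed, it would be sent as an empty requirement, which looks like a silent downgrade of the password policy. I would match the empty value explicitly (`case v1API.Empty: return NoRequirements`) and make the fall-through distinguishable, for example with a second `ok bool` result that the callers check; whether config loading already rejects unknown strings is not visible here. The three generated constants differ only by a trailing `1` or `2`, so a doc comment on each exported function and a short comment per case naming the character classes would make a swapped case easy to spot.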
@@ -224,6 +248,9 @@ func (a *auth) FromRemoteAuthConfig(remoteConfig v1API.AuthConfigResponse) {
 a.EnableManualLinking = cast.Val(remoteConfig.SecurityManualLinkingEnabled, false)
 a.EnableSignup = !cast.Val(remoteConfig.DisableSignup, false)
 a.EnableAnonymousSignIns = cast.Val(remoteConfig.ExternalAnonymousUsersEnabled, false)
+ a.MinimumPasswordLength = cast.IntToUint(cast.Val(remoteConfig.PasswordMinLength, 0))
+ prc := cast.Val(remoteConfig.PasswordRequiredCharacters, "")
+ a.PasswordRequirements = NewPasswordRequirement(v1API.UpdateAuthConfigBodyPasswordRequiredCharacters(prc))
 a.Hook.fromAuthConfig(remoteConfig)
 a.MFA.fromAuthConfig(remoteConfig)
 a.Sessions.fromAuthConfig(remoteConfig)