diff --git a/Configuration/UserConfig.cs b/Configuration/UserConfig.cs
index 165cb87..21d8a7a 100644
--- a/Configuration/UserConfig.cs
+++ b/Configuration/UserConfig.cs
@@ -9,6 +9,7 @@ namespace Teknik.Configuration
 public string UsernameFilterLabel { get; set; }
 public int MinUsernameLength { get; set; }
 public int MaxUsernameLength { get; set; }
+ public int MinPasswordLength { get; set; }
 public string ReservedUsernameDefinitionFile { get; set; }
 public decimal PremiumAccountPrice { get; set; }
 public string PaymentType { get; set; }
@@ -24,6 +25,7 @@ namespace Teknik.Configuration
 UsernameFilterLabel = "AlphaNumeric Characters with Dashes, Underlines, and 0-1 Periods not in the beginning or end.";
 MinUsernameLength = 1;
 MaxUsernameLength = 35;
+ MinPasswordLength = 2;
 ReservedUsernameDefinitionFile = string.Empty;
 PremiumAccountPrice = 0;
 PaymentType = "Donation";
diff --git a/Teknik/Areas/User/Controllers/UserController.cs b/Teknik/Areas/User/Controllers/UserController.cs
index 693972e..a67e6d8 100644
--- a/Teknik/Areas/User/Controllers/UserController.cs
+++ b/Teknik/Areas/User/Controllers/UserController.cs
@@ -142,6 +142,16 @@ namespace Teknik.Areas.Users.Controllers
 model.Error = true;
 model.ErrorMessage = "That username is not available";
 }
+ if (!model.Error && string.IsNullOrEmpty(model.Password))
+ {
+ model.Error = true;
+ model.ErrorMessage = "You must enter a password";
+ }
+ if (!model.Error && model.Password.Length < _config.UserConfig.MinPasswordLength)
+ {
+ model.Error = true;
+ model.ErrorMessage = $"Password must be at least {_config.UserConfig.MinPasswordLength} characters long";
+ }
 if (!model.Error && model.Password != model.ConfirmPassword)
 {
 model.Error = true;
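Review bot: The new `MinPasswordLength` property in the first UserConfig.cs hunk carries no XML documentation, so an operator tuning it cannot tell from the config class what unit it uses or where it is enforced; the only way to find out is to read the three length checks this commit adds in UserController.cs. Add `/// <summary>Minimum number of characters (string.Length, i.e. UTF-16 code units) a user-chosen password must contain; enforced on registration, password change and password reset.</summary>` above the property. The sibling properties in the hunk are undocumented as well, but this one defines a security boundary and is the one most likely to be changed per deployment.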
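Review bot: The default set on the `MinPasswordLength = 2;` line in the second UserConfig.cs hunk is far below current guidance — NIST SP 800-63B requires at least 8 characters for user-chosen passwords — and because the new UserController checks only read this value, every installation that does not override the setting will accept two-character passwords. Consider `MinPasswordLength = 8;` as the shipped default. It is also worth rejecting or clamping values below 1 wherever the config is loaded, since a zero or negative setting silently disables the check; the loader is outside this diff.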
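Review bot: The length check added after the empty-password check in the @@ -142 hunk is the same rule repeated, with its own copy of the error message, in the @@ -707 and @@ -900 hunks of UserController.cs; three hand-written copies will drift the next time the policy changes (for example if a maximum length or a breached-password check is added). A single helper such as `private bool IsPasswordTooShort(string password) => password.Length < _config.UserConfig.MinPasswordLength;` used from all three actions would keep them consistent. Note also that `string.Length` counts UTF-16 code units, so characters outside the BMP count twice — acceptable for a minimum, but worth stating in a comment on the check. The enclosing registration action starts and ends outside the hunk.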
@@ -707,6 +717,9 @@ namespace Teknik.Areas.Users.Controllers
 // Old Password Valid?
 if (!(await UserHelper.UserPasswordCorrect(_config, user.Username, settings.CurrentPassword)))
 return Json(new { error = "Invalid Original Password" });
+ // Does the new password meet the length requirement?
+ if (settings.NewPassword.Length < _config.UserConfig.MinPasswordLength)
+ return Json(new { error = $"New Password must be at least {_config.UserConfig.MinPasswordLength} characters long" });
 // The New Password Match?
 if (settings.NewPassword != settings.NewPasswordConfirm)
 return Json(new { error = "New Password must match confirmation" });
@@ -900,6 +913,10 @@ namespace Teknik.Areas.Users.Controllers
 {
 return Json(new { error = "Password must not be empty" });
 }
+ if (passwordViewModel.Password.Length < _config.UserConfig.MinPasswordLength)
+ {
+ return Json(new { error = $"Password must be at least {_config.UserConfig.MinPasswordLength} characters long" });
+ }
 if (passwordViewModel.Password != passwordViewModel.PasswordConfirm)
 {
 return Json(new { error = "Passwords must match" });
diff --git a/Teknik/Middleware/CSPMiddleware.cs b/Teknik/Middleware/CSPMiddleware.cs
index cf0bb02..c3cbd2d 100644
--- a/Teknik/Middleware/CSPMiddleware.cs
+++ b/Teknik/Middleware/CSPMiddleware.cs
@@ -53,7 +53,8 @@ namespace Teknik.Middleware
 "worker-src blob: mediastream: {0}; " +
 "form-action {0}; " +
 "base-uri {0}; " +
- "frame-ancestors {0};",
+ "frame-ancestors {0}; " +
+ "object-src {0};",
 allowedDomain,
 httpContext.Items[Constants.NONCE_KEY]));
 }
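Review bot: The new `settings.NewPassword.Length` check in the @@ -707 hunk dereferences NewPassword without a null guard, whereas the registration and reset paths in this same commit test for null/empty before measuring length; if model binding leaves NewPassword null (a missing form field) this line throws a NullReferenceException instead of returning the JSON error, unless a check earlier in the method, outside this hunk, already rejects it. Change the condition to `if (string.IsNullOrEmpty(settings.NewPassword) || settings.NewPassword.Length < _config.UserConfig.MinPasswordLength)`. The enclosing method starts and ends outside the hunk.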
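Review bot: The added `"object-src {0};"` line in the CSPMiddleware.cs hunk whitelists the allowed domain for plugin content, but the recommended value for this directive is `'none'`: nothing in this diff shows the site serving `<object>`/`<embed>` content, and an allow-listed object-src lets plugin-hosted content from that origin run outside whatever nonce-based script restriction the rest of this header presumably sets up (the nonce is visible only as the `httpContext.Items[Constants.NONCE_KEY]` format argument on the trailing context lines). Prefer `"object-src 'none';",` unless a page actually embeds plugin or PDF objects from the allowed domain, in which case a comment naming that page would justify the exception. The method assembling the header starts outside the hunk.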