add minimum password length check

2025-09-15 07:11:15 +00:00 · 2025-05-16 09:55:35 +02:00
parent 1394be2341
commit e9005b1b90
13 changed files with 129 additions and 13 deletions
--- a/internal/app/api/v0/handlers/base.go
+++ b/internal/app/api/v0/handlers/base.go
@@ -99,6 +99,8 @@ type Authenticator interface {
 	LoggedIn(scopes ...Scope) func(next http.Handler) http.Handler
 	// UserIdMatch checks if the user id in the session matches the user id in the request. If not, the request is aborted.
 	UserIdMatch(idParameter string) func(next http.Handler) http.Handler
+	// InfoOnly only add user info to the request context. No login check is performed.
+	InfoOnly() func(next http.Handler) http.Handler
 }

 type Session interface {
--- a/internal/app/api/v0/handlers/endpoint_config.go
+++ b/internal/app/api/v0/handlers/endpoint_config.go
@@ -47,7 +47,7 @@ func (e ConfigEndpoint) RegisterRoutes(g *routegroup.Bundle) {
 	apiGroup := g.Mount("/config")

 	apiGroup.HandleFunc("GET /frontend.js", e.handleConfigJsGet())
-	apiGroup.HandleFunc("GET /settings", e.handleSettingsGet())
+	apiGroup.With(e.authenticator.InfoOnly()).HandleFunc("GET /settings", e.handleSettingsGet())
 }

 // handleConfigJsGet returns a gorm Handler function.
@@ -108,6 +108,7 @@ func (e ConfigEndpoint) handleSettingsGet() http.HandlerFunc {
 				SelfProvisioning:          e.cfg.Core.SelfProvisioningAllowed,
 				ApiAdminOnly:              e.cfg.Advanced.ApiAdminOnly,
 				WebAuthnEnabled:           e.cfg.Auth.WebAuthn.Enabled,
+				MinPasswordLength:         e.cfg.Auth.MinPasswordLength,
 			})
 		}
 	}
--- a/internal/app/api/v0/handlers/web_authentication.go
+++ b/internal/app/api/v0/handlers/web_authentication.go
@@ -72,6 +72,32 @@ func (h AuthenticationHandler) LoggedIn(scopes ...Scope) func(next http.Handler)
 	}
 }

+// InfoOnly only checks if the user is logged in and adds the user id to the context.
+// If the user is not logged in, the context user id is set to domain.CtxUnknownUserId.
+func (h AuthenticationHandler) InfoOnly() func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			session := h.session.GetData(r.Context())
+
+			var newContext context.Context
+
+			if !session.LoggedIn {
+				newContext = domain.SetUserInfo(r.Context(), domain.DefaultContextUserInfo())
+			} else {
+				newContext = domain.SetUserInfo(r.Context(), &domain.ContextUserInfo{
+					Id:      domain.UserIdentifier(session.UserIdentifier),
+					IsAdmin: session.IsAdmin,
+				})
+			}
+
+			r = r.WithContext(newContext)
+
+			// Continue down the chain to Handler etc
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
 // UserIdMatch checks if the user id in the session matches the user id in the request. If not, the request is aborted.
 func (h AuthenticationHandler) UserIdMatch(idParameter string) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
--- a/internal/app/api/v0/model/models.go
+++ b/internal/app/api/v0/model/models.go
@@ -11,4 +11,5 @@ type Settings struct {
 	SelfProvisioning          bool `json:"SelfProvisioning"`
 	ApiAdminOnly              bool `json:"ApiAdminOnly"`
 	WebAuthnEnabled           bool `json:"WebAuthnEnabled"`
+	MinPasswordLength         int  `json:"MinPasswordLength"`
 }