Adding support for optional Password Policy (#3032)

* adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
parent 6be9ee5491
commit cf6ce5b9a3
10 changed files with 918 additions and 16 deletions
--- a/src/ParseServer.js
+++ b/src/ParseServer.js
@@ -125,6 +125,7 @@ class ParseServer {
    preventLoginWithUnverifiedEmail = defaults.preventLoginWithUnverifiedEmail,
    emailVerifyTokenValidityDuration,
    accountLockout,
+    passwordPolicy,
    cacheAdapter,
    emailAdapter,
    publicServerURL,
@@ -210,6 +211,7 @@ class ParseServer {
      preventLoginWithUnverifiedEmail: preventLoginWithUnverifiedEmail,
      emailVerifyTokenValidityDuration: emailVerifyTokenValidityDuration,
      accountLockout: accountLockout,
+      passwordPolicy: passwordPolicy,
      allowClientClassCreation: allowClientClassCreation,
      authDataManager: authDataManager(oauth, enableAnonymousUsers),
      appName: appName,
@@ -233,6 +235,7 @@ class ParseServer {

    Config.validate(AppCache.get(appId));
    this.config = AppCache.get(appId);
+    Config.setupPasswordValidator(this.config.passwordPolicy);
    hooksController.load();

    // Note: Tests will start to fail if any validation happens after this is called.