Restrict password alphabet to SASLprep-safe ASCII subset (!66) · Merge requests · uffd / uffd · GitLab

Prior to this change user passwords were not validated on change aside from their length, but validated on login/bind by ldap3 with SASLprep. Instead of using SASLprep on password change, this change restricts passwords to 7-bit ASCII without control characters. Control characters are forbidden by SASLprep. Multi-byte characters are uncommon in password, especially in those generated by password managers. This ensures that passwords are always SASLprep-safe without implementing the rather complex SASLprep algorithm. It also allows us to fully describe the alphabet restrictions in the relevant forms.

Fixes #100 (closed)

Edited Aug 30, 2021 by Julian

Activity

Julian marked this merge request as draft Aug 30, 2021

marked this merge request as draft
Julian changed the description Aug 30, 2021

changed the description
Julian added 1 commit Aug 30, 2021
added 1 commit

cb2d7f35 - Restrict password alphabet to SASLprep-safe ASCII subset

Compare with previous version
Julian marked this merge request as ready Aug 30, 2021

marked this merge request as ready
Julian mentioned in issue #100 (closed) Aug 30, 2021

mentioned in issue #100 (closed)
nd approved this merge request Sep 1, 2021

approved this merge request
Julian merged Sep 1, 2021

merged

Please register or sign in to reply

Impressum - Datenschutzerklärung