Compare commits

...

4 Commits

Author SHA1 Message Date
cong meng
d1a1832654 fix(pwd) EE-3161 ease the minimum password restrictions to 12 characters (#6920)
Some checks failed
/ triage (push) Has been cancelled
Lint / Run linters (push) Has been cancelled
Test Frontend / test (push) Has been cancelled
* fix(pwd): EE-3161 ease the minimum password restrictions to 12 characters
2022-05-12 13:16:56 +12:00
Prabhat Khera
578bacdcac bump version to 2.13.1 (#6913) 2022-05-11 13:49:13 +12:00
Dmitry Salakhov
af14db5112 fix(settings): allow empty edge url (#6908) 2022-05-10 15:51:15 -03:00
andres-portainer
790fd5f7d2 fix(tls): downgrade minimum version to TLS 1.2 to avoid proxy problems EE-3152 (#6910) 2022-05-10 15:33:46 -03:00
10 changed files with 23 additions and 70 deletions

View File

@@ -9,7 +9,18 @@ import (
// CreateServerTLSConfiguration creates a basic tls.Config to be used by servers with recommended TLS settings
func CreateServerTLSConfiguration() *tls.Config {
return &tls.Config{
MinVersion: tls.VersionTLS13,
MinVersion: tls.VersionTLS12,
CipherSuites: []uint16{
tls.TLS_AES_128_GCM_SHA256,
tls.TLS_AES_256_GCM_SHA384,
tls.TLS_CHACHA20_POLY1305_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
},
}
}

View File

@@ -80,7 +80,7 @@ type Handler struct {
}
// @title PortainerCE API
// @version 2.13.0
// @version 2.13.1
// @description.markdown api-description.md
// @termsOfService

View File

@@ -77,7 +77,7 @@ func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
}
}
if payload.EdgePortainerURL != nil {
if payload.EdgePortainerURL != nil && *payload.EdgePortainerURL != "" {
_, err := edge.ParseHostForEdge(*payload.EdgePortainerURL)
if err != nil {
return err

View File

@@ -1,33 +1,11 @@
package passwordutils
import (
"regexp"
)
const MinPasswordLen = 12
func lengthCheck(password string) bool {
return len(password) >= MinPasswordLen
}
func comboCheck(password string) bool {
count := 0
regexps := [4]*regexp.Regexp{
regexp.MustCompile(`[a-z]`),
regexp.MustCompile(`[A-Z]`),
regexp.MustCompile(`[0-9]`),
regexp.MustCompile(`[\W_]`),
}
for _, re := range regexps {
if re.FindString(password) != "" {
count += 1
}
}
return count >= 3
}
func StrengthCheck(password string) bool {
return lengthCheck(password) && comboCheck(password)
return lengthCheck(password)
}

View File

@@ -13,9 +13,9 @@ func TestStrengthCheck(t *testing.T) {
}{
{"Empty password", args{""}, false},
{"Short password", args{"portainer"}, false},
{"Short password", args{"portaienr!@#"}, false},
{"Short password", args{"portaienr!@#"}, true},
{"Week password", args{"12345678!@#"}, false},
{"Week password", args{"portaienr123"}, false},
{"Week password", args{"portaienr123"}, true},
{"Good password", args{"Portainer123"}, true},
{"Good password", args{"Portainer___"}, true},
{"Good password", args{"^portainer12"}, true},

View File

@@ -1344,7 +1344,7 @@ type (
const (
// APIVersion is the version number of the Portainer API
APIVersion = "2.13.0"
APIVersion = "2.13.1"
// DBVersion is the version number of the Portainer database
DBVersion = 35
// ComposeSyntaxMaxVersion is a maximum supported version of the docker compose syntax

View File

@@ -2,17 +2,6 @@ import { react2angular } from '@/react-tools/react2angular';
import { MinPasswordLen } from '../helpers/password';
function PasswordCombination() {
return (
<ul className="text-muted">
<li className="ml-8"> Special characters </li>
<li className="ml-8"> Lower case characters </li>
<li className="ml-8"> Upper case characters </li>
<li className="ml-8"> Numeric characters </li>
</ul>
);
}
export function ForcePasswordUpdateHint() {
return (
<div>
@@ -25,11 +14,8 @@ export function ForcePasswordUpdateHint() {
</p>
<p className="text-muted">
The password must be at least {MinPasswordLen} characters long,
including a combination of one character of three of the below:
The password must be at least {MinPasswordLen} characters long.
</p>
<PasswordCombination />
</div>
);
}
@@ -42,12 +28,9 @@ export function PasswordCheckHint() {
{' '}
</i>
<span>
The password must be at least {MinPasswordLen} characters long,
including a combination of one character of three of the below:
The password must be at least {MinPasswordLen} characters long.
</span>
</p>
<PasswordCombination />
</div>
);
}

View File

@@ -4,19 +4,6 @@ function lengthCheck(password: string) {
return password.length >= MinPasswordLen;
}
function comboCheck(password: string) {
let count = 0;
const regexps = [/[a-z]/, /[A-Z]/, /[0-9]/, /[\W_]/];
regexps.forEach((re) => {
if (password.match(re) != null) {
count += 1;
}
});
return count >= 3;
}
export function StrengthCheck(password: string) {
return lengthCheck(password) && comboCheck(password);
return lengthCheck(password);
}

View File

@@ -68,14 +68,8 @@
<!-- it is a workaround for firefox that does not render component <force-password-update-hint> -->
<p>
<i class="fa fa-times red-icon space-right" aria-hidden="true"></i>
<span>The password must be at least {{ MinPasswordLen }} characters long, including a combination of one character of three of the below:</span>
<span>The password must be at least {{ MinPasswordLen }} characters long.</span>
</p>
<ul>
<li class="ml-8"> Special characters </li>
<li class="ml-8"> Lower case characters </li>
<li class="ml-8"> Upper case characters </li>
<li class="ml-8"> Numeric characters </li>
</ul>
</div>
</div>
<!-- !note -->

View File

@@ -2,7 +2,7 @@
"author": "Portainer.io",
"name": "portainer",
"homepage": "http://portainer.io",
"version": "2.11.0",
"version": "2.13.1",
"repository": {
"type": "git",
"url": "git@github.com:portainer/portainer.git"