Merge pull request #1077 from Scalingo/feat/database-dashboard/659/st…

…rengthen_passwords [STORY-648] feat: raise DB user passwords minimum length to 24
Scalingo · Sep 17, 2024 · bb65243 · bb65243
2 parents ddc1542 + 898eda6
commit bb65243
Show file tree

Hide file tree

Showing 4 changed files with 111 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ### To be Released
 
+* feat(database/users): raise minimum user password length to 24 ([PR#1077](https://github.com/Scalingo/cli/pull/1077))
+
 ### 1.33.0
 
 * fix(one-off): remove async field from the run command ([PR#1060](https://github.com/Scalingo/cli/pull/1060))

diff --git a/db/users/create.go b/db/users/create.go
@@ -57,7 +57,7 @@ func CreateUser(ctx context.Context, app, addonUUID, username string, readonly b
 	isPasswordGenerated := false
 	if password == "" {
 		isPasswordGenerated = true
-		password = gopassword.Generate(64)
+		password = gopassword.Generate()
 		confirmedPassword = password
 	}
 

diff --git a/db/users/utils.go b/db/users/utils.go
@@ -87,15 +87,15 @@ func isPasswordValid(password, confirmedPassword string) (string, bool) {
 	if password != confirmedPassword {
 		return "Password confirmation doesn't match", false
 	}
-	if len(password) < 8 || len(password) > 64 {
-		return "Password must contain between 8 and 64 characters", false
+	if len(password) < 24 || len(password) > 64 {
+		return "Password must contain between 24 and 64 characters", false
 	}
 	return "", true
 }
 
 func isUsernameValid(username string) (string, bool) {
 	if len(username) < 6 || len(username) > 32 {
-		return "name must contain between 6 and 32 characters", false
+		return "Name must contain between 6 and 32 characters", false
 	}
 	return "", true
 }
diff --git a/db/users/utils_test.go b/db/users/utils_test.go
@@ -0,0 +1,105 @@
+package users
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_isPasswordValid(t *testing.T) {
+	testPasswords := map[string]struct {
+		password         string
+		confirmation     string
+		expectedValidity bool
+		expectedMessage  string
+	}{
+		"empty": {
+			password:         "",
+			confirmation:     "",
+			expectedValidity: true,
+			expectedMessage:  "",
+		},
+		"confirmation doesn't match": {
+			password:         "abc",
+			confirmation:     "aBc",
+			expectedValidity: false,
+			expectedMessage:  "Password confirmation doesn't match",
+		},
+		"too short": {
+			password:         "123456789a123456789b123",
+			confirmation:     "123456789a123456789b123",
+			expectedValidity: false,
+			expectedMessage:  "Password must contain between 24 and 64 characters",
+		},
+		"too long": {
+			password:         "123456789a123456789b123456789c123456789d123456789e123456789f12345",
+			confirmation:     "123456789a123456789b123456789c123456789d123456789e123456789f12345",
+			expectedValidity: false,
+			expectedMessage:  "Password must contain between 24 and 64 characters",
+		},
+		"valid, short password": {
+			password:         "123456789a123456789b1234",
+			confirmation:     "123456789a123456789b1234",
+			expectedValidity: true,
+			expectedMessage:  "",
+		},
+		"valid, log password ": {
+			password:         "123456789a123456789b123456789c123456789d123456789e123456789f1234",
+			confirmation:     "123456789a123456789b123456789c123456789d123456789e123456789f1234",
+			expectedValidity: true,
+			expectedMessage:  "",
+		},
+	}
+
+	for name, testCase := range testPasswords {
+		t.Run(name, func(t *testing.T) {
+			message, isValid := isPasswordValid(testCase.password, testCase.confirmation)
+
+			assert.Equal(t, testCase.expectedValidity, isValid)
+			assert.Equal(t, testCase.expectedMessage, message)
+		})
+	}
+}
+
+func Test_isUsernameValid(t *testing.T) {
+	testPasswords := map[string]struct {
+		username         string
+		expectedValidity bool
+		expectedMessage  string
+	}{
+		"empty": {
+			username:         "",
+			expectedValidity: false,
+			expectedMessage:  "Name must contain between 6 and 32 characters",
+		},
+		"too short": {
+			username:         "12345",
+			expectedValidity: false,
+			expectedMessage:  "Name must contain between 6 and 32 characters",
+		},
+		"too long": {
+			username:         "123456789a123456789b123456789c123",
+			expectedValidity: false,
+			expectedMessage:  "Name must contain between 6 and 32 characters",
+		},
+		"valid, short username": {
+			username:         "123456",
+			expectedValidity: true,
+			expectedMessage:  "",
+		},
+		"valid, long username": {
+			username:         "123456789a123456789b123456789c12",
+			expectedValidity: true,
+			expectedMessage:  "",
+		},
+	}
+
+	for name, testCase := range testPasswords {
+		t.Run(name, func(t *testing.T) {
+			message, isValid := isUsernameValid(testCase.username)
+
+			assert.Equal(t, testCase.expectedValidity, isValid)
+			assert.Equal(t, testCase.expectedMessage, message)
+		})
+	}
+}