Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nextcloud/password_policy
:lock: Let the admin define certain rules for passwords, e.g. a minimum length
https://github.com/nextcloud/password_policy
admin-tools nextcloud
Last synced: 3 months ago
JSON representation
:lock: Let the admin define certain rules for passwords, e.g. a minimum length
- Host: GitHub
- URL: https://github.com/nextcloud/password_policy
- Owner: nextcloud
- License: agpl-3.0
- Created: 2016-06-24T08:47:31.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2024-05-28T01:08:08.000Z (7 months ago)
- Last Synced: 2024-05-28T11:15:41.537Z (7 months ago)
- Topics: admin-tools, nextcloud
- Language: PHP
- Homepage:
- Size: 27.1 MB
- Stars: 33
- Watchers: 7
- Forks: 19
- Open Issues: 30
-
Metadata Files:
- Readme: README.md
- Contributing: .github/contributing.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Authors: AUTHORS.md
Awesome Lists containing this project
README
# Password policy
[![REUSE status](https://api.reuse.software/badge/github.com/nextcloud/password_policy)](https://api.reuse.software/info/github.com/nextcloud/password_policy) [![PHPUnit status](https://github.com/nextcloud/password_policy/actions/workflows/phpunit-sqlite.yml/badge.svg)](https://github.com/nextcloud/password_policy/actions/workflows/phpunit-sqlite.yml)
This app enables the the admin to define certain rules for passwords, for example the minimum length of a password.
By default the app enforces a minimum password length of 8 characters and checks every password against the 1.000.000 most common passwords.
Currently the app checks passwords for public link shares and for user passwords if the database backend is used.
Once the app is enabled you find the "Password policy" settings in the admin section:
![screenshot of the admin section](./screenshots/password_policy_settings.png)
## Integrate in other apps
### Generate passwords
This app is capable of generating passwords according to the configured policy, so to create a password for your app:````php
$eventDispatcher = \OCP\Server::get(IEventDispatcher::class);
$event = new \OCP\Security\Events\GenerateSecurePasswordEvent();
try {
$eventDispatcher->dispatchTyped($event);
} catch (\OCP\HintException $e) {
// ⚠️ The password generation failed, more information is set on the exception
}
$password = $event->getPassword() ?? 'fallback when this app is not enabled';
````### Validate passwords
You can easily check passwords for your own app by adding following code to your app:````php
$eventDispatcher = \OCP\Server::get(IEventDispatcher::class);
$password = 'the-password-you-want-to-validate';
$event = new \OCP\Security\Events\ValidatePasswordPolicyEvent($password);
try {
$eventDispatcher->dispatchTyped($event);
// ✅ The password is valid;
} catch (\OCP\HintException $e) {
// ❌ The password is invalid
}
````