add support for password validation rules

Fixes #494
2025-12-07 23:00:55 +03:00 · 2021-08-06 18:56:07 +02:00
parent 3ac832c8dd
commit ced2e16f41
8 changed files with 104 additions and 8 deletions
--- a/docs/full-configuration.md
+++ b/docs/full-configuration.md
@@ -193,6 +193,11 @@ The configuration file contains the following sections:
    - `bcrypt_options`, struct containing the options for bcrypt hashing algorithm
      - `cost`, integer between 4 and 31. Default: 10
    - `algo`, string. Algorithm to use for hashing passwords. Available algorithms: `argon2id`, `bcrypt`. For bcrypt hashing we use the `$2a$` prefix. Default: `bcrypt`
+  - `password_validation` struct. It defines the password validation rules for admins and protocol users.
+    - `admins`, struct. It defines the password validation rules for SFTPGo admins.
+      - `min_entropy`, float. Defines the minimum password entropy. Take a looke [here](https://github.com/wagslane/go-password-validator#what-entropy-value-should-i-use) for more details. `0` means disabled, any password will be accepted. Default: `0`.
+    - `users`, struct. It defines the password validation rules for SFTPGo protocol users.
+      - `min_entropy`, float. Default: `0`.
  - `password_caching`, boolean. Verifying argon2id passwords has a high memory and computational cost, verifying bcrypt passwords has a high computational cost, by enabling, in memory, password caching you reduce these costs. Default: `true`
  - `update_mode`, integer. Defines how the database will be initialized/updated. 0 means automatically. 1 means manually using the initprovider sub-command.
  - `skip_natural_keys_validation`, boolean. If `true` you can use any UTF-8 character for natural keys as username, admin name, folder name. These keys are used in URIs for REST API and Web admin. If `false` only unreserved URI characters are allowed: ALPHA / DIGIT / "-" / "." / "_" / "~". Default: `false`.