diff --git a/packages/backend-core/src/environment.ts b/packages/backend-core/src/environment.ts index 138dbbd9e0..0fec786c31 100644 --- a/packages/backend-core/src/environment.ts +++ b/packages/backend-core/src/environment.ts @@ -166,6 +166,8 @@ const environment = { DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING, BLACKLIST_IPS: process.env.BLACKLIST_IPS, SERVICE_TYPE: "unknown", + PASSWORD_MIN_LENGTH: process.env.PASSWORD_MIN_LENGTH, + PASSWORD_MAX_LENGTH: process.env.PASSWORD_MAX_LENGTH, /** * Enable to allow an admin user to login using a password. * This can be useful to prevent lockout when configuring SSO. diff --git a/packages/backend-core/src/security/auth.ts b/packages/backend-core/src/security/auth.ts index c90d9df09b..1cce35a0af 100644 --- a/packages/backend-core/src/security/auth.ts +++ b/packages/backend-core/src/security/auth.ts @@ -1,7 +1,7 @@ -import { env } from ".." +import env from "../environment" -export const PASSWORD_MIN_LENGTH = +(process.env.PASSWORD_MIN_LENGTH || 8) -export const PASSWORD_MAX_LENGTH = +(process.env.PASSWORD_MAX_LENGTH || 512) +export const PASSWORD_MIN_LENGTH = +(env.PASSWORD_MIN_LENGTH || 8) +export const PASSWORD_MAX_LENGTH = +(env.PASSWORD_MAX_LENGTH || 512) export function validatePassword( password: string diff --git a/packages/backend-core/src/users/db.ts b/packages/backend-core/src/users/db.ts index 3214b3ab63..4d0d216603 100644 --- a/packages/backend-core/src/users/db.ts +++ b/packages/backend-core/src/users/db.ts @@ -44,6 +44,12 @@ type GroupFns = { getBulk: GroupGetFn getGroupBuilderAppIds: GroupBuildersFn } +type CreateAdminUserOpts = { + ssoId?: string + hashPassword?: boolean + requirePassword?: boolean + skipPasswordValidation?: boolean +} type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn } const bulkDeleteProcessing = async (dbUser: User) => { @@ -112,9 +118,11 @@ export class UserDB { throw new HTTPError("Password change is disabled for this user", 400) } - const passwordValidation = validatePassword(password) - if (!passwordValidation.valid) { - throw new HTTPError(passwordValidation.error, 400) + if (!opts.skipPasswordValidation) { + const passwordValidation = validatePassword(password) + if (!passwordValidation.valid) { + throw new HTTPError(passwordValidation.error, 400) + } } hashedPassword = opts.hashPassword ? await hash(password) : password @@ -489,7 +497,7 @@ export class UserDB { email: string, password: string, tenantId: string, - opts?: { ssoId?: string; hashPassword?: boolean; requirePassword?: boolean } + opts?: CreateAdminUserOpts ) { const user: User = { email: email, @@ -513,6 +521,7 @@ export class UserDB { return await UserDB.save(user, { hashPassword: opts?.hashPassword, requirePassword: opts?.requirePassword, + skipPasswordValidation: opts?.skipPasswordValidation, }) } diff --git a/packages/server/src/startup.ts b/packages/server/src/startup.ts index 6860fe5f9b..f9b5974eb2 100644 --- a/packages/server/src/startup.ts +++ b/packages/server/src/startup.ts @@ -138,7 +138,11 @@ export async function startup(app?: Koa, server?: Server) { bbAdminEmail, bbAdminPassword, tenantId, - { hashPassword: true, requirePassword: true } + { + hashPassword: true, + requirePassword: true, + skipPasswordValidation: true, + } ) // Need to set up an API key for automated integration tests if (env.isTest()) { diff --git a/packages/types/src/sdk/user.ts b/packages/types/src/sdk/user.ts index 2b970da1a9..3f6f69d2d1 100644 --- a/packages/types/src/sdk/user.ts +++ b/packages/types/src/sdk/user.ts @@ -2,4 +2,5 @@ export interface SaveUserOpts { hashPassword?: boolean requirePassword?: boolean currentUserId?: string + skipPasswordValidation?: boolean }