Nextcloud-Archive/password_policy
1
0
Fork 0
mirror of https://github.com/nextcloud/password_policy.git synced 2025-12-24 03:01:27 +01:00
Code Issues Projects Releases Packages Wiki Activity
No description
1,424 commits 38 branches 844 tags 73 MiB
Find a file
Exact
github-actions[bot] 6306fffd74
 Merge pull request #857 from nextcloud/dependabot/npm_and_yarn/sass-1.97.1 
Chore(deps-dev): Bump sass from 1.93.2 to 1.97.1
2025-12-20 03:25:21 +00:00
.github ci: auto adjust PR names 2025-12-19 19:36:45 +01:00
.tx [tx-robot] Update transifex configuration 2022-10-01 02:48:48 +00:00
appinfo feat(deps): Add Nextcloud 33 support on master 2025-09-04 12:12:41 +02:00
css fix(deps): Fix npm audit 2025-08-28 08:42:23 +02:00
img fix(icon): Add real size to SVG to fix iOS 2024-04-30 14:57:53 +02:00
js chore(assets): Recompile assets 2025-12-19 20:13:14 +00:00
l10n fix(l10n): Update translations from Transifex 2025-12-15 01:19:58 +00:00
lib chore(style): apply Nextcloud Coding Standard 1.4.0 2025-09-16 15:43:24 +02:00
LICENSES chore: Add psalm and fix reported errors 2024-09-02 11:54:27 +02:00
lists build(passwords): Regenerate lists 2024-10-22 15:34:14 +02:00
screenshots chore: Update README 2024-08-19 18:20:12 +02:00
src feat: Allow configure different policies per password context in the UI 2025-01-30 15:42:19 +01:00
templates chore: Add SPDX header 2024-04-27 16:03:13 +02:00
tests chore: update psalm baseline 2025-12-19 19:29:21 +01:00
vendor-bin chore: adjust for Nextcloud 33 2025-12-19 19:29:21 +01:00
.eslintrc.json feat: Allow configure different policies per password context in the UI 2025-01-30 15:42:19 +01:00
.gitattributes chore: Update README 2024-08-19 18:20:12 +02:00
.gitignore ci: Ignore PHPUnit cache 2024-11-15 22:36:11 +01:00
.l10nignore l10n - Don't parse assets 2021-03-31 23:44:09 +02:00
.php-cs-fixer.dist.php chore: Add SPDX header 2024-04-27 16:03:13 +02:00
.scrutinizer.yml chore: Add SPDX header 2024-04-27 16:03:13 +02:00
AUTHORS.md chore: Fix REUSE license extraction for built assets 2024-09-01 20:03:42 +02:00
codecov.yml chore: Add SPDX header 2024-04-27 16:03:13 +02:00
composer.json chore: adjust for Nextcloud 33 2025-12-19 19:29:21 +01:00
composer.lock chore: adjust for Nextcloud 33 2025-12-19 19:29:21 +01:00
LICENSE Initial commit 2016-06-24 10:47:32 +02:00
openapi.json chore: update openAPI 2025-12-19 19:29:21 +01:00
package-lock.json Chore(deps-dev): Bump sass from 1.93.2 to 1.97.1 2025-12-20 02:03:35 +00:00
package.json Chore(deps-dev): Bump sass from 1.93.2 to 1.97.1 2025-12-20 02:03:35 +00:00
psalm.xml chore: adjust for Nextcloud 33 2025-12-19 19:29:21 +01:00
README.md chore: Update README 2024-08-19 18:20:12 +02:00
REUSE.toml feat: Allow configure different policies per password context in the UI 2025-01-30 15:42:19 +01:00
stylelint.config.cjs fix: Modernize build system to use vite and @nextcloud/vue version 8 2024-03-14 11:20:03 +01:00
stylelint.config.cjs.license chore: Add SPDX header 2024-04-27 16:03:13 +02:00
tsconfig.json feat: Allow configure different policies per password context in the UI 2025-01-30 15:42:19 +01:00
vite.config.ts feat: Allow configure different policies per password context in the UI 2025-01-30 15:42:19 +01:00

README.md

Password policy

REUSE status PHPUnit status

This app enables the the admin to define certain rules for passwords, for example the minimum length of a password.

By default the app enforces a minimum password length of 8 characters and checks every password against the 1.000.000 most common passwords.

Currently the app checks passwords for public link shares and for user passwords if the database backend is used.

Once the app is enabled you find the "Password policy" settings in the admin section:

screenshot of the admin section

Integrate in other apps

Generate passwords

This app is capable of generating passwords according to the configured policy, so to create a password for your app:

$eventDispatcher = \OCP\Server::get(IEventDispatcher::class);
$event = new \OCP\Security\Events\GenerateSecurePasswordEvent();
try {
  $eventDispatcher->dispatchTyped($event);
} catch (\OCP\HintException $e) {
  // ⚠️ The password generation failed, more information is set on the exception
}
$password = $event->getPassword() ?? 'fallback when this app is not enabled';

Validate passwords

You can easily check passwords for your own app by adding following code to your app:

$eventDispatcher = \OCP\Server::get(IEventDispatcher::class);
$password = 'the-password-you-want-to-validate';
$event = new \OCP\Security\Events\ValidatePasswordPolicyEvent($password);
try {
  $eventDispatcher->dispatchTyped($event);
  // ✅ The password is valid;
} catch (\OCP\HintException $e) {
  // ❌ The password is invalid
}