Nextcloud-Archive/password_policy
1
0
Fork 0
mirror of https://github.com/nextcloud/password_policy.git synced 2025-10-26 15:02:08 +01:00
Code Issues Projects Releases Packages Wiki Activity
No description
1,394 commits 42 branches 831 tags 66 MiB
Find a file
Exact
Nextcloud bot 1b74ebf835
 fix(l10n): Update translations from Transifex 
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2025-10-20 01:16:39 +00:00
.github feat(deps): Add Nextcloud 33 support on master 2025-09-04 12:12:41 +02:00
.tx [tx-robot] Update transifex configuration 2022-10-01 02:48:48 +00:00
appinfo feat(deps): Add Nextcloud 33 support on master 2025-09-04 12:12:41 +02:00
css fix(deps): Fix npm audit 2025-08-28 08:42:23 +02:00
img fix(icon): Add real size to SVG to fix iOS 2024-04-30 14:57:53 +02:00
js chore(assets): Recompile assets 2025-09-04 16:21:07 +00:00
l10n fix(l10n): Update translations from Transifex 2025-10-20 01:16:39 +00:00
lib chore(style): apply Nextcloud Coding Standard 1.4.0 2025-09-16 15:43:24 +02:00
LICENSES chore: Add psalm and fix reported errors 2024-09-02 11:54:27 +02:00
lists build(passwords): Regenerate lists 2024-10-22 15:34:14 +02:00
screenshots chore: Update README 2024-08-19 18:20:12 +02:00
src feat: Allow configure different policies per password context in the UI 2025-01-30 15:42:19 +01:00
templates chore: Add SPDX header 2024-04-27 16:03:13 +02:00
tests chore(style): apply Nextcloud Coding Standard 1.4.0 2025-09-16 15:43:24 +02:00
vendor-bin Chore(deps-dev): Bump symfony/process in /vendor-bin/phpunit 2025-01-18 14:10:03 +01:00
.eslintrc.json feat: Allow configure different policies per password context in the UI 2025-01-30 15:42:19 +01:00
.gitattributes chore: Update README 2024-08-19 18:20:12 +02:00
.gitignore ci: Ignore PHPUnit cache 2024-11-15 22:36:11 +01:00
.l10nignore l10n - Don't parse assets 2021-03-31 23:44:09 +02:00
.php-cs-fixer.dist.php chore: Add SPDX header 2024-04-27 16:03:13 +02:00
.scrutinizer.yml chore: Add SPDX header 2024-04-27 16:03:13 +02:00
AUTHORS.md chore: Fix REUSE license extraction for built assets 2024-09-01 20:03:42 +02:00
codecov.yml chore: Add SPDX header 2024-04-27 16:03:13 +02:00
composer.json ci(openapi): Add CI for OpenAPI 2024-11-15 22:33:12 +01:00
composer.lock Chore(deps-dev): Bump nextcloud/coding-standard from 1.3.2 to 1.4.0 2025-09-16 15:41:36 +02:00
LICENSE Initial commit 2016-06-24 10:47:32 +02:00
openapi.json feat: Support different password policies per password context 2025-01-30 15:41:30 +01:00
package-lock.json Chore(deps-dev): Bump typescript from 5.9.2 to 5.9.3 2025-10-04 01:05:22 +00:00
package.json Chore(deps-dev): Bump typescript from 5.9.2 to 5.9.3 2025-10-04 01:05:22 +00:00
psalm.xml chore: Add psalm and fix reported errors 2024-09-02 11:54:27 +02:00
README.md chore: Update README 2024-08-19 18:20:12 +02:00
REUSE.toml feat: Allow configure different policies per password context in the UI 2025-01-30 15:42:19 +01:00
stylelint.config.cjs fix: Modernize build system to use vite and @nextcloud/vue version 8 2024-03-14 11:20:03 +01:00
stylelint.config.cjs.license chore: Add SPDX header 2024-04-27 16:03:13 +02:00
tsconfig.json feat: Allow configure different policies per password context in the UI 2025-01-30 15:42:19 +01:00
vite.config.ts feat: Allow configure different policies per password context in the UI 2025-01-30 15:42:19 +01:00

README.md

Password policy

REUSE status PHPUnit status

This app enables the the admin to define certain rules for passwords, for example the minimum length of a password.

By default the app enforces a minimum password length of 8 characters and checks every password against the 1.000.000 most common passwords.

Currently the app checks passwords for public link shares and for user passwords if the database backend is used.

Once the app is enabled you find the "Password policy" settings in the admin section:

screenshot of the admin section

Integrate in other apps

Generate passwords

This app is capable of generating passwords according to the configured policy, so to create a password for your app:

$eventDispatcher = \OCP\Server::get(IEventDispatcher::class);
$event = new \OCP\Security\Events\GenerateSecurePasswordEvent();
try {
  $eventDispatcher->dispatchTyped($event);
} catch (\OCP\HintException $e) {
  // ⚠️ The password generation failed, more information is set on the exception
}
$password = $event->getPassword() ?? 'fallback when this app is not enabled';

Validate passwords

You can easily check passwords for your own app by adding following code to your app:

$eventDispatcher = \OCP\Server::get(IEventDispatcher::class);
$password = 'the-password-you-want-to-validate';
$event = new \OCP\Security\Events\ValidatePasswordPolicyEvent($password);
try {
  $eventDispatcher->dispatchTyped($event);
  // ✅ The password is valid;
} catch (\OCP\HintException $e) {
  // ❌ The password is invalid
}