How do you enforce password complexity rules in Zotonic?

Posted 2024-09-26 08:12:53 | Words: 588 | Views: 8 | Comments: 0

I would like to enforce a password policy in Zotonic. My first impression would be to do this as a validator on the new_password field in the Identity editor.

Here is an example policy:

  • Be at least 8 characters in length
  • Have at least one upper case letter
  • Have at least one lower case letter
  • Have at least one number
  • Have at least one non-alphanumeric character
  • Not be based on account name

Here is a possible implementation (not tested):

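%% Password and AccountName are assumed to be bound strings.
string:length(Password) >= 8 andalso
re:run(Password, "[A-Z]") =/= nomatch andalso
re:run(Password, "[a-z]") =/= nomatch andalso
re:run(Password, "[0-9]") =/= nomatch andalso
re:run(Password, "[^A-Za-z0-9]") =/= nomatch andalso
%% Literal substring test, so regex metacharacters in AccountName are not interpreted.
string:find(Password, AccountName) =:= nomatch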

How do you enforce password complexity rules in Zotonic?

Comments (2)

和影子一齐双人舞 2024-10-03 08:12:53

What you can do is implement it as a form validation. Along the lines of the other validations.

I was wondering if there is a javascript available that shows the password strength. (Like a traffic light, green ok, red really not ok.)

The validation can be attached using the {% validate %} scomp.

A simple password check could be done by making a single regular expression and attaching it to the password field using the format validator http://zotonic.com/documentation/634/format

For your proposed function, or a "traffic light" functionality, it might be better to make a custom validator. Or that we add support for the Custom validator of LiveValidation, to which you then pass a Javascript function for the check.

美胚控场 2024-10-03 08:12:53

My colleague pointed me to:

^.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$

A full explanation is available from the original author at http://davidhayden.com/blog/dave/archive/2004/09/25/501.aspx.

It has a slight bug when used in Zotonic (probably due to weirdness in the re module) so I changed the \d to [0-9] and reduced the required length to 8:

^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$

It can be applied in _action_dialog_set_username_password.tpl by replacing the presence validator:

{% validate id="new_password" type={presence} %}

with a format validator as Marc W describes in How do you enforce password complexity rules in Zotonic?:

{% validate id="new_password" type={format pattern="^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$"} %}
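
An added example (not part of the answers above, and not Zotonic or LiveValidation code) that compares the single-pattern check with the question's six-rule policy on constructed passwords, in the JavaScript form a client-side custom validator or traffic-light indicator would take. The function names, the "amber" state and the reading of "not based on account name" as a case-insensitive literal substring test are assumptions.

```javascript
// Added example, not code from the page or from Zotonic.
// The single-regex pattern from the answer above, copied verbatim.
const ANSWER_PATTERN = /^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$/;

// The question's example policy, one named rule per bullet.
// Assumption: "not based on account name" means the password does not
// contain the account name, compared case-insensitively as a literal
// substring (never as a regex, since names may hold metacharacters).
const RULES = [
  ["min_length", (pw) => [...pw].length >= 8],
  ["upper", (pw) => /[A-Z]/.test(pw)],
  ["lower", (pw) => /[a-z]/.test(pw)],
  ["digit", (pw) => /[0-9]/.test(pw)],
  ["non_alnum", (pw) => /[^A-Za-z0-9]/.test(pw)],
  ["not_account_name", (pw, account) =>
    account.length === 0 || !pw.toLowerCase().includes(account.toLowerCase())],
];

// Returns the names of the rules the password fails (empty array = accepted).
function failedRules(password, accountName) {
  return RULES.filter(([, check]) => !check(password, accountName))
              .map(([name]) => name);
}

// Maps the failure count to a three-state indicator (hypothetical thresholds).
function trafficLight(password, accountName) {
  const failed = failedRules(password, accountName).length;
  if (failed === 0) return "green";
  return failed <= 2 ? "amber" : "red";
}

// Constructed sample inputs: [password, account name].
const SAMPLES = [
  ["Tr1cky=Pass", "alice"], // pattern and policy both accept
  ["Passw0rd!", "alice"],   // policy accepts; pattern rejects ('!' is not in its set)
  ["Alice#2024x", "alice"], // pattern accepts; policy rejects (contains account name)
  ["short1A", "alice"],     // both reject
];

// Lists the sample passwords on which the pattern and the policy disagree.
function disagreements() {
  return SAMPLES.filter(([pw, acct]) =>
    ANSWER_PATTERN.test(pw) !== (failedRules(pw, acct).length === 0))
    .map(([pw]) => pw);
}

console.log(disagreements());
```

The two disagreements are the gaps to close: the pattern rejects symbols outside its fixed set, and it cannot express the account-name rule.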