Password policy improvements #589
Conversation
| @@ -45,7 +45,8 @@ | |||
| <div class="centralize-content"> | |||
| <#-- App-initiated actions should not see warning messages about the need to complete the action --> | |||
| <#-- during login. --> | |||
| <#if displayMessage && message?has_content && (message.type != 'warning' || !isAppInitiatedAction??)> | |||
| <br /> | |||
| <#if displayMessage && message?has_content && message.type != 'warning' && !isAppInitiatedAction??> | |||
There was a problem hiding this comment.
just taking out the parentheses fixed the logic here and no longer shows the "activate your account" message but still shows the error messages if someone inputs the wrong password
|
|
||
| if (LoggedInUser?.user?.participants!.length === 0) { | ||
| return <ErrorView message='You do not have access to any participants.' />; | ||
| } | ||
| if (location.pathname !== '/account/create' && LoggedInUser && !participant) { | ||
| if (LoggedInUser && !participant) { |
There was a problem hiding this comment.
this account/create page does not exist anymore and should be removed. randomly found this when testing stuff
|
|
||
| function loadBlacklist() { | ||
| // txt file of common passwords recommended to blacklist by NIST | ||
| fetch('https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt') |
There was a problem hiding this comment.
pulling from this file, but we can also store the txt file in our code if that makes sense too. i went with this option because i didnt want to take up space in the code for a huge file, but it would be an issue if this URL changes
There was a problem hiding this comment.
I don't love relying on a 3rd party to be up in order for our blacklist to work. You can just save the file locally and load it from there, too.
ashleysmithTTD
deleted the
ans-UID2-4615-passsword-policy-improvements
branch
What Changed: