From 2e8fd737afe144fe39fbd94c7dfe85a312460efd Mon Sep 17 00:00:00 2001 From: Athou Date: Sat, 10 Jan 2026 17:53:05 +0100 Subject: [PATCH] remove complex password requirements (#1916) --- .../com/commafeed/CommaFeedApplication.java | 2 +- .../com/commafeed/CommaFeedConfiguration.java | 6 ++--- .../password/PasswordConstraintValidator.java | 27 +++---------------- .../java/com/commafeed/TestConstants.java | 2 +- .../com/commafeed/e2e/AuthentificationIT.java | 7 ++--- 5 files changed, 11 insertions(+), 33 deletions(-) diff --git a/commafeed-server/src/main/java/com/commafeed/CommaFeedApplication.java b/commafeed-server/src/main/java/com/commafeed/CommaFeedApplication.java index 9c6331e7..9cecaf31 100644 --- a/commafeed-server/src/main/java/com/commafeed/CommaFeedApplication.java +++ b/commafeed-server/src/main/java/com/commafeed/CommaFeedApplication.java @@ -20,7 +20,7 @@ public class CommaFeedApplication { private final CommaFeedConfiguration config; public void start(@Observes StartupEvent ev) { - PasswordConstraintValidator.setStrict(config.users().strictPasswordPolicy()); + PasswordConstraintValidator.setMinimumPasswordLength(config.users().minimumPasswordLength()); feedRefreshEngine.start(); taskScheduler.start(); diff --git a/commafeed-server/src/main/java/com/commafeed/CommaFeedConfiguration.java b/commafeed-server/src/main/java/com/commafeed/CommaFeedConfiguration.java index 214a1943..269f0bd4 100644 --- a/commafeed-server/src/main/java/com/commafeed/CommaFeedConfiguration.java +++ b/commafeed-server/src/main/java/com/commafeed/CommaFeedConfiguration.java @@ -326,10 +326,10 @@ public interface CommaFeedConfiguration { boolean allowRegistrations(); /** - * Whether to enable strict password validation (1 uppercase char, 1 lowercase char, 1 digit, 1 special char). + * Minimum password length for user accounts. */ - @WithDefault("true") - boolean strictPasswordPolicy(); + @WithDefault("4") + int minimumPasswordLength(); /** * Whether to create a demo account the first time the app starts. diff --git a/commafeed-server/src/main/java/com/commafeed/security/password/PasswordConstraintValidator.java b/commafeed-server/src/main/java/com/commafeed/security/password/PasswordConstraintValidator.java index 8045d0ed..34e84e2c 100644 --- a/commafeed-server/src/main/java/com/commafeed/security/password/PasswordConstraintValidator.java +++ b/commafeed-server/src/main/java/com/commafeed/security/password/PasswordConstraintValidator.java @@ -6,8 +6,6 @@ import jakarta.validation.ConstraintValidator; import jakarta.validation.ConstraintValidatorContext; import org.apache.commons.lang3.StringUtils; -import org.passay.CharacterRule; -import org.passay.EnglishCharacterData; import org.passay.LengthRule; import org.passay.PasswordData; import org.passay.PasswordValidator; @@ -19,7 +17,7 @@ import lombok.Setter; public class PasswordConstraintValidator implements ConstraintValidator { @Setter - private static boolean strict = true; + private static int minimumPasswordLength; @Override public void initialize(ValidPassword constraintAnnotation) { @@ -32,7 +30,7 @@ public class PasswordConstraintValidator implements ConstraintValidator