Ghost/core/server/data
Aileen Nowak c8cbbc4eb6 Improved password validation rules (#9171)
refs #9150 

- Moves the password length fn from `models/user` to `data/validation` where the other validator functions live.
- Added password validation rules. Password rules added:
   - Disallow obviously bad passwords: '1234567890', 'qwertyuiop', 'asdfghjkl;' and 'asdfghjklm' for example
   - Disallow passwords that contain the words 'password' or 'ghost'
   - Disallow passwords that match the user's email address
   - Disallow passwords that match the blog domain or blog title
   - Disallow passwords that include 50% or more of the same characters: 'aaaaaaaaaa', '1111111111' and 'ababababab' for example.
- Password validation returns an `Object` now, that includes an `isValid` and `message` property to differentiate between the two error messages (password too short or password insecure).
- Use a catch predicate in `api/authentication` on `passwordReset`, so the correct `ValidationError` will be thrown during the password reset flow rather than an `UnauthorizedError`.
- When in setup flow, the blog title is not available yet from `settingsCache`. We therefore supply it from the received form data in the user model `setup` method to have it accessible for the validation.
2017-10-26 11:01:24 +01:00
| Name | Last commit | Date |
| --- | --- | --- |
| db | Debug: MySQL logging hook | 2017-10-04 10:05:35 +01:00 |
| export | 🐛 Fix ghost update with migrations (#8810) | 2017-08-01 17:27:13 +04:00 |
| importer | Improved importer logic for password in users (#9161) | 2017-10-19 10:43:52 +01:00 |
| meta | Misc cleanup & consistency amends (#9002) | 2017-09-12 17:31:14 +02:00 |
| migrations | Custom post templates (#9073) | 2017-10-10 13:36:35 +01:00 |
| schema | Custom post templates (#9073) | 2017-10-10 13:36:35 +01:00 |
| validation | Improved password validation rules (#9171) | 2017-10-26 11:01:24 +01:00 |
| xml | Move xmlrpc & slack to services (#9179) | 2017-10-25 15:27:56 +01:00 |
| timezones.json | Adds UTC as select option to timezones select list | 2016-06-10 15:19:16 +02:00 |