Ghost/core/server/models
Aileen Nowak c8cbbc4eb6 Improved password validation rules (#9171)
refs #9150 

- Moves the password length fn from `models/user` to `data/validation` where the other validator functions live.
- Added password validation rules. Password rules added:
   - Disallow obviously bad passwords: '1234567890', 'qwertyuiop', 'asdfghjkl;' and 'asdfghjklm' for example
   - Disallow passwords that contain the words 'password' or 'ghost'
   - Disallow passwords that match the user's email address
   - Disallow passwords that match the blog domain or blog title
   - Disallow passwords that include 50% or more of the same characters: 'aaaaaaaaaa', '1111111111' and 'ababababab' for example.
- Password validation returns an `Object` now, that includes an `isValid` and `message` property to differentiate between the two error messages (password too short or password insecure).
- Use a catch predicate in `api/authentication` on `passwordReset`, so the correct `ValidationError` will be thrown during the password reset flow rather then an `UnauthorizedError`.
- When in setup flow, the blog title is not available yet from `settingsCache`. We therefore supply it from the received form data in the user model `setup` method to have it accessible for the validation.
2017-10-26 11:01:24 +01:00
..
base 🐛 Fixed being able to store invalid date formats (#9090) 2017-10-04 09:56:09 +01:00
plugins Support filtering based on primary_tag (#9124) 2017-10-10 14:07:44 +02:00
accesstoken.js 🎨 register events in base model (#7560) 2016-10-14 13:37:01 +01:00
app-field.js Misc cleanup: moving files & naming functions 2015-06-15 09:43:19 +01:00
app-setting.js Misc cleanup: moving files & naming functions 2015-06-15 09:43:19 +01:00
app.js 🎨 register events in base model (#7560) 2016-10-14 13:37:01 +01:00
client-trusted-domain.js Add table columns for OAuth 2015-09-02 13:39:22 +01:00
client.js 🎨 😎 config env usages (#7929) 2017-02-03 18:25:39 +00:00
index.js 🎨 Separate invites from user 2016-09-26 11:08:43 +02:00
invite.js 🎨 invites roles table into a field on the invites table (#7705) 2016-11-16 09:33:44 +00:00
permission.js Misc cleanup: moving files & naming functions 2015-06-15 09:43:19 +01:00
post.js Prev & next post filtering, with primary tag support (#9141) 2017-10-13 15:44:39 +01:00
refreshtoken.js Misc cleanup: moving files & naming functions 2015-06-15 09:43:19 +01:00
role.js Support for attribute-based permissions (#9025) 2017-09-26 18:06:14 +02:00
settings.js Private RSS feed (#9088) 2017-10-05 11:07:32 +01:00
subscriber.js Support for attribute-based permissions (#9025) 2017-09-26 18:06:14 +02:00
tag.js Protected internal tags visibility (#9076) 2017-10-03 13:00:33 +01:00
user.js Improved password validation rules (#9171) 2017-10-26 11:01:24 +01:00