fix: change password requirements to a map

supabase · Nov 26, 2024 · 0030a06 · 0030a06
1 parent 260897a
commit 0030a06
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 11 deletions.
diff --git a/internal/start/start.go b/internal/start/start.go
@@ -462,6 +462,13 @@ EOF
 			formatMapForEnvConfig(utils.Config.Auth.Sms.TestOTP, &testOTP)
 		}
 
+		var password_requirements = map[config.PasswordRequirements]string{
+			"":                                   "",
+			"letters_digits":                     "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789",
+			"lower_upper_letters_digits":         "abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789",
+			"lower_upper_letters_digits_symbols": "abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789:!@#$%^&*()_+-=[]{};'\\\\:\"|<>?,./`~",
+		}
+
 		env := []string{
 			"API_EXTERNAL_URL=" + utils.Config.Api.ExternalUrl,
 
@@ -507,7 +514,7 @@ EOF
 			"GOTRUE_SMS_TEST_OTP=" + testOTP.String(),
 
 			fmt.Sprintf("GOTRUE_PASSWORD_MIN_LENGTH=%v", utils.Config.Auth.MinimumPasswordLength),
-			fmt.Sprintf("GOTRUE_PASSWORD_REQUIRED_CHARACTERS=%v", utils.Config.Auth.PasswordRequirements),
+			fmt.Sprintf("GOTRUE_PASSWORD_REQUIRED_CHARACTERS=%v", password_requirements[utils.Config.Auth.PasswordRequirements]),
 			fmt.Sprintf("GOTRUE_SECURITY_REFRESH_TOKEN_ROTATION_ENABLED=%v", utils.Config.Auth.EnableRefreshTokenRotation),
 			fmt.Sprintf("GOTRUE_SECURITY_REFRESH_TOKEN_REUSE_INTERVAL=%v", utils.Config.Auth.RefreshTokenReuseInterval),
 			fmt.Sprintf("GOTRUE_SECURITY_MANUAL_LINKING_ENABLED=%v", utils.Config.Auth.EnableManualLinking),

diff --git a/pkg/config/auth.go b/pkg/config/auth.go
@@ -10,21 +10,30 @@ import (
 	"github.com/supabase/cli/pkg/diff"
 )
 
+type PasswordRequirements string
+
+const (
+	NoRequirements                 PasswordRequirements = ""
+	LettersDigits                  PasswordRequirements = "letters_digits"
+	LowerUpperLettersDigits        PasswordRequirements = "lower_upper_letters_digits"
+	LowerUpperLettersDigitsSymbols PasswordRequirements = "lower_upper_letters_digits_symbols"
+)
+
 type (
 	auth struct {
 		Enabled bool   `toml:"enabled"`
 		Image   string `toml:"-"`
 
-		SiteUrl                    string   `toml:"site_url"`
-		AdditionalRedirectUrls     []string `toml:"additional_redirect_urls"`
-		JwtExpiry                  uint     `toml:"jwt_expiry"`
-		MinimumPasswordLength      uint     `toml:"minimum_password_length"`
-		PasswordRequirements       string   `toml:"password_requirements"`
-		EnableRefreshTokenRotation bool     `toml:"enable_refresh_token_rotation"`
-		RefreshTokenReuseInterval  uint     `toml:"refresh_token_reuse_interval"`
-		EnableManualLinking        bool     `toml:"enable_manual_linking"`
-		EnableSignup               bool     `toml:"enable_signup"`
-		EnableAnonymousSignIns     bool     `toml:"enable_anonymous_sign_ins"`
+		SiteUrl                    string               `toml:"site_url"`
+		AdditionalRedirectUrls     []string             `toml:"additional_redirect_urls"`
+		JwtExpiry                  uint                 `toml:"jwt_expiry"`
+		MinimumPasswordLength      uint                 `toml:"minimum_password_length"`
+		PasswordRequirements       PasswordRequirements `toml:"password_requirements"`
+		EnableRefreshTokenRotation bool                 `toml:"enable_refresh_token_rotation"`
+		RefreshTokenReuseInterval  uint                 `toml:"refresh_token_reuse_interval"`
+		EnableManualLinking        bool                 `toml:"enable_manual_linking"`
+		EnableSignup               bool                 `toml:"enable_signup"`
+		EnableAnonymousSignIns     bool                 `toml:"enable_anonymous_sign_ins"`
 
 		Hook     hook     `toml:"hook"`
 		MFA      mfa      `toml:"mfa"`

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -666,6 +666,10 @@ func (c *baseConfig) Validate(fsys fs.FS) error {
 				return errors.Errorf("Invalid config for auth.additional_redirect_urls[%d]: %v", i, err)
 			}
 		}
+		allowed := []PasswordRequirements{NoRequirements, LettersDigits, LowerUpperLettersDigits, LowerUpperLettersDigitsSymbols}
+		if !sliceContains(allowed, c.Auth.PasswordRequirements) {
+			return errors.Errorf("Invalid config for auth.password_requirements. Must be one of: %v", allowed)
+		}
 		if err := c.Auth.Hook.validate(); err != nil {
 			return err
 		}