diff --git a/internal/start/start.go b/internal/start/start.go
index 9c997255f..026a75a0a 100644
--- a/internal/start/start.go
+++ b/internal/start/start.go
@@ -462,6 +462,13 @@ EOF
 formatMapForEnvConfig(utils.Config.Auth.Sms.TestOTP, &testOTP)
 }
+ var password_requirements = map[config.PasswordRequirements]string{
+ "": "",
+ "letters_digits": "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789",
+ "lower_upper_letters_digits": "abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789",
+ "lower_upper_letters_digits_symbols": "abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789:!@#$%^&*()_+-=[]{};'\\\\:\"|<>?,./`~",
+ }
+
 env := []string{
 "API_EXTERNAL_URL=" + utils.Config.Api.ExternalUrl,
@@ -507,7 +514,7 @@ EOF
 "GOTRUE_SMS_TEST_OTP=" + testOTP.String(),
 fmt.Sprintf("GOTRUE_PASSWORD_MIN_LENGTH=%v", utils.Config.Auth.MinimumPasswordLength),
- fmt.Sprintf("GOTRUE_PASSWORD_REQUIRED_CHARACTERS=%v", utils.Config.Auth.PasswordRequirements),
+ fmt.Sprintf("GOTRUE_PASSWORD_REQUIRED_CHARACTERS=%v", password_requirements[utils.Config.Auth.PasswordRequirements]),
 fmt.Sprintf("GOTRUE_SECURITY_REFRESH_TOKEN_ROTATION_ENABLED=%v", utils.Config.Auth.EnableRefreshTokenRotation),
 fmt.Sprintf("GOTRUE_SECURITY_REFRESH_TOKEN_REUSE_INTERVAL=%v", utils.Config.Auth.RefreshTokenReuseInterval),
 fmt.Sprintf("GOTRUE_SECURITY_MANUAL_LINKING_ENABLED=%v", utils.Config.Auth.EnableManualLinking),
diff --git a/pkg/config/auth.go b/pkg/config/auth.go
index 180908d7f..3baf53984 100644
--- a/pkg/config/auth.go
+++ b/pkg/config/auth.go
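Review bot: The keys of `password_requirements` are bare string literals that repeat the values of the `config.PasswordRequirements` constants, so a typo here or a later rename in pkg/config still compiles and only surfaces at runtime as a missing entry. Key the map with the constants instead, for example `config.LowerUpperLettersDigits: "…",`, and rename the variable to `passwordRequirements` to follow Go's MixedCaps convention. The values appear to use `:` as a separator between required character sets, with an escaped colon inside the symbols entry; a one-line comment stating that format would make the escaping reviewable. The enclosing function starts and ends outside the hunk.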
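Review bot: The map lookup in the `GOTRUE_PASSWORD_REQUIRED_CHARACTERS` entry yields the empty string for any key that is not in the map, which is the same value as the "no requirements" entry, so an unrecognised setting would silently start the auth service without character requirements instead of failing. The check added to `Validate` in pkg/config/config.go covers this only if validation always runs before this code. Resolving the value ahead of the `env` slice with `chars, ok := password_requirements[utils.Config.Auth.PasswordRequirements]` and stopping when `!ok` would make the start path fail closed on its own. The enclosing function begins and ends outside the hunk, so how it reports errors cannot be seen from here.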
@@ -10,21 +10,30 @@ import (
 "github.com/supabase/cli/pkg/diff"
 )
+type PasswordRequirements string
+
+const (
+ NoRequirements PasswordRequirements = ""
+ LettersDigits PasswordRequirements = "letters_digits"
+ LowerUpperLettersDigits PasswordRequirements = "lower_upper_letters_digits"
+ LowerUpperLettersDigitsSymbols PasswordRequirements = "lower_upper_letters_digits_symbols"
+)
+
 type (
 auth struct {
 Enabled bool `toml:"enabled"`
 Image string `toml:"-"`
- SiteUrl string `toml:"site_url"`
- AdditionalRedirectUrls []string `toml:"additional_redirect_urls"`
- JwtExpiry uint `toml:"jwt_expiry"`
- MinimumPasswordLength uint `toml:"minimum_password_length"`
- PasswordRequirements string `toml:"password_requirements"`
- EnableRefreshTokenRotation bool `toml:"enable_refresh_token_rotation"`
- RefreshTokenReuseInterval uint `toml:"refresh_token_reuse_interval"`
- EnableManualLinking bool `toml:"enable_manual_linking"`
- EnableSignup bool `toml:"enable_signup"`
- EnableAnonymousSignIns bool `toml:"enable_anonymous_sign_ins"`
+ SiteUrl string `toml:"site_url"`
+ AdditionalRedirectUrls []string `toml:"additional_redirect_urls"`
+ JwtExpiry uint `toml:"jwt_expiry"`
+ MinimumPasswordLength uint `toml:"minimum_password_length"`
+ PasswordRequirements PasswordRequirements `toml:"password_requirements"`
+ EnableRefreshTokenRotation bool `toml:"enable_refresh_token_rotation"`
+ RefreshTokenReuseInterval uint `toml:"refresh_token_reuse_interval"`
+ EnableManualLinking bool `toml:"enable_manual_linking"`
+ EnableSignup bool `toml:"enable_signup"`
+ EnableAnonymousSignIns bool `toml:"enable_anonymous_sign_ins"`
 Hook hook `toml:"hook"`
 MFA mfa `toml:"mfa"`
diff --git a/pkg/config/config.go b/pkg/config/config.go
index b1e7ed570..dcb1ffd4e 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
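Review bot: The exported type `PasswordRequirements` and its four constants are added without doc comments, and nothing on the type says that only these four values are accepted. Add `// PasswordRequirements names the character classes a password must contain; the accepted values are the constants declared below.` above the type, plus a one-line comment on each constant saying which classes it requires. Because the type is a plain string, decoding the TOML field will presumably accept any value, so the type comment should also say that unknown values are rejected in `Validate` rather than at parse time.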
@@ -666,6 +666,10 @@ func (c *baseConfig) Validate(fsys fs.FS) error {
 return errors.Errorf("Invalid config for auth.additional_redirect_urls[%d]: %v", i, err)
 }
 }
+ allowed := []PasswordRequirements{NoRequirements, LettersDigits, LowerUpperLettersDigits, LowerUpperLettersDigitsSymbols}
+ if !sliceContains(allowed, c.Auth.PasswordRequirements) {
+ return errors.Errorf("Invalid config for auth.password_requirements. Must be one of: %v", allowed)
+ }
 if err := c.Auth.Hook.validate(); err != nil {
 return err
 }
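Review bot: The error built in the new check formats `allowed` with `%v`, so the empty `NoRequirements` value prints as nothing and the rejected value is not shown at all, which leaves the user guessing what to fix. Quoting both makes the message actionable: `errors.Errorf("Invalid config for auth.password_requirements: %q. Must be one of: %q", c.Auth.PasswordRequirements, allowed)`. The accepted values are now listed in three places (this slice, the constants in pkg/config/auth.go, and the map in internal/start/start.go); keeping one list next to the constants would stop them drifting apart. `Validate` continues outside the hunk.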