Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-02-09 00:18:00 +01:00
Code Issues Projects Releases Wiki Activity

chore: document password requirements

Browse Source
This commit is contained in:
Christopher Kolstad 2021-08-05 14:00:30 +02:00
parent 7fcca8579e
commit 301fc68203
No known key found for this signature in database
GPG Key ID: 559ACB0E3DB5538A
2 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
websitev2/docs/api/admin/user-admin.md
View File

@ -195,11 +195,23 @@ Possible return values:
Return values: Return values:
- `200 OK`: Password was changed. - `200 OK`: Password was changed.
- `400 Bad Request`: Password was not changed. Unleash requires a strong password. Please see in the response body on how to improve the password. - `400 Bad Request`: Password was not changed. Unleash requires a strong password.
- This means
- minimum 10 characters long
- contains at least one uppercase letter
- contains at least one number
- contains at least one special character (symbol)
- Please see in the response body on how to improve the password.
### Validate password for a user {#validate-password-for-a-user} ### Validate password for a user {#validate-password-for-a-user}
You can use this endpoint to validate the strength of a given password. You can use this endpoint to validate the strength of a given password. Unleash requires a strong password.
- This means
- minimum 10 characters long
- contains at least one uppercase letter
- contains at least one number
- contains at least one special character (symbol)
`http POST http://localhost:4242/api/admin/user-admin/validate-password` `http POST http://localhost:4242/api/admin/user-admin/validate-password`

15
websitev2/docs/deploy/securing-unleash.md
View File

@ -7,11 +7,20 @@ title: Securing Unleash
> This guide is only relevant if you are using Unleash Open-Source. The Enterprise edition does already ship with multiple SSO options, such as SAML 2.0, OpenId Connect. > This guide is only relevant if you are using Unleash Open-Source. The Enterprise edition does already ship with multiple SSO options, such as SAML 2.0, OpenId Connect.
Unleash Open-Source v4 comes with username/password authentication out of the box. In addition Unleash v4 also comes with API token support, to make it easy to handle access tokens for Client SDKs and programmatic asses to the Unleash APIs. Unleash Open-Source v4 comes with username/password authentication out of the box. In addition Unleash v4 also comes with API token support, to make it easy to handle access tokens for Client SDKs and programmatic access to the Unleash APIs.
### Password requirements {#password-requirements}
Unleash requires a strong password.
- minimum 10 characters long
- contains at least one uppercase letter
- contains at least one number
- contains at least one special character (symbol)
### Implementing Custom Authentication {#implementing-custom-authentication} ### Implementing Custom Authentication {#implementing-custom-authentication}
If you do not wish to use the built-in If you do not wish to use the built-in username/password authentication you can add a customAuthHandler
To secure the Admin API, you have to tell Unleash that you are using a custom admin authentication and implement your authentication logic as a preHook. To secure the Admin API, you have to tell Unleash that you are using a custom admin authentication and implement your authentication logic as a preHook.
@ -27,7 +36,7 @@ unleash
customAuthHandler: myCustomAdminAuth, customAuthHandler: myCustomAdminAuth,
}, },
}) })
.then(unleash => { .then((unleash) => {
console.log( console.log(
`Unleash started on http://localhost:${unleash.app.get('port')}`, `Unleash started on http://localhost:${unleash.app.get('port')}`,
); );