forked from juice-shop/juice-shop
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
89 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| fixes: | ||
| - id: 1 | ||
| explanation: "According to NIST-800-63B, passwords (Memorized Secrets) should be at least eight characters to prevent 'online attacks'. Furthermore, NIST-800-63B requires that passwords don't appear in common dictionaries. | ||
| If you want to have more fun with secrets, check out OWASP Wrong Secrets at https://wrongsecrets.fly.dev/, specially challenge 16 and 23." | ||
| - id: 2 | ||
| explanation: "According to NIST-800-63B, passwords (Memorized Secrets) should be at least eight characters to prevent 'online attacks'. Usage of special character tests is not appropriate (anymore) because users tend to find known workarounds like notes with passwords or adding an exclamation mark at the end to add a special character." | ||
| - id: 3 | ||
| explanation: "According to NIST-800-63B, passwords (Memorized Secrets) should be at least eight characters to prevent 'online attacks'. Usage of special character tests is not appropriate (anymore) because users tend to find known workarounds like notes with passwords or adding an exclamation mark at the end to add a special character." | ||
| - id: 4 | ||
| explanation: "According to NIST-800-63B passwords (Memorized Secrets) should be at least 8 characters to prevent 'online attacks'." | ||
| hints: | ||
| - "NIST Special Publication 800-63B has changed the recommendation for passwords (Memorized Secrets) requirements in 2017." |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| export class LoginComponent implements OnInit { | ||
| public emailControl = new UntypedFormControl('', [Validators.required]) | ||
|
|
||
| public passwordControl = new UntypedFormControl('', [ | ||
| Validators.required, | ||
| Validators.minLength(8), | ||
| validatePasswordIsNotInTopOneMillionCommonPasswordsList() | ||
| ]) | ||
|
|
||
| public hide = true | ||
| public user: any | ||
| public rememberMe: UntypedFormControl = new UntypedFormControl(false) | ||
| public error: any | ||
| public clientId = '1005568560502-6hm16lef8oh46hr2d98vf2ohlnj4nfhq.apps.googleusercontent.com' | ||
| public oauthUnavailable: boolean = true | ||
| public redirectUri: string = '' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| export class LoginComponent implements OnInit { | ||
| public emailControl = new UntypedFormControl('', [Validators.required]) | ||
|
|
||
| public passwordControl = new UntypedFormControl('', [ | ||
| Validators.required, | ||
| Validators.minLength(8), | ||
| validatePasswordHasAtLeastOneNumber(), | ||
| validatePasswordHasAtLeastOneSpecialChar(), | ||
| validatePasswordHasAtLeastOneUpperCaseChar(), | ||
| validatePasswordHasAtLeastOneLowerCaseChar(), | ||
| ]) | ||
|
|
||
| public hide = true | ||
| public user: any | ||
| public rememberMe: UntypedFormControl = new UntypedFormControl(false) | ||
| public error: any | ||
| public clientId = '1005568560502-6hm16lef8oh46hr2d98vf2ohlnj4nfhq.apps.googleusercontent.com' | ||
| public oauthUnavailable: boolean = true | ||
| public redirectUri: string = '' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| export class LoginComponent implements OnInit { | ||
| public emailControl = new UntypedFormControl('', [Validators.required]) | ||
|
|
||
| public passwordControl = new UntypedFormControl('', [ | ||
| Validators.required, | ||
| Validators.minLength(8), | ||
| validatePasswordHasAtLeastOneNumber(), | ||
| validatePasswordHasAtLeastOneSpecialChar(), | ||
| validatePasswordHasAtLeastOneUpperCaseChar(), | ||
| validatePasswordHasAtLeastOneLowerCaseChar(), | ||
| validatePasswordHasNoSpace(), | ||
| ]) | ||
|
|
||
| public hide = true | ||
| public user: any | ||
| public rememberMe: UntypedFormControl = new UntypedFormControl(false) | ||
| public error: any | ||
| public clientId = '1005568560502-6hm16lef8oh46hr2d98vf2ohlnj4nfhq.apps.googleusercontent.com' | ||
| public oauthUnavailable: boolean = true | ||
| public redirectUri: string = '' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| export class LoginComponent implements OnInit { | ||
| public emailControl = new UntypedFormControl('', [Validators.required]) | ||
|
|
||
| public passwordControl = new UntypedFormControl('', [ | ||
| Validators.required, | ||
| Validators.minLength(2), | ||
| validatePasswordIsNotInTopOneMillionCommonPasswordsList() | ||
| ]) | ||
|
|
||
| public hide = true | ||
| public user: any | ||
| public rememberMe: UntypedFormControl = new UntypedFormControl(false) | ||
| public error: any | ||
| public clientId = '1005568560502-6hm16lef8oh46hr2d98vf2ohlnj4nfhq.apps.googleusercontent.com' | ||
| public oauthUnavailable: boolean = true | ||
| public redirectUri: string = '' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters