Expose password policy on GraphQL

Question

Expose password policy on GraphQL

Closed this issue 2 months ago · 3 comments

I'm not sure how best to do this since AIUI the polices are dictated by rego files. However, it would be good if we could expose to the UI what the policy is on passwords so real time feedback can be given.

Answer 1 · 2024-08-12T12:12:26.000Z

We don't use the OPA policy for passwords anymore, but rather the zxcvbn algorithm, and the minimal complexity is exposed through the GraphQL APi:

query {
  siteConfig {
    minimumPasswordComplexity
  }
}

Answer 2 · 2024-08-12T12:13:50.000Z

Note that @reivilibre did some work so that zxcvbn-ts gave the same result as the Rust crate we use by exporting the dictionaries: https://github.com/matrix-org/matrix-authentication-service/blob/main/frontend/src/utils/password_complexity/index.ts

Answer 3 · 2024-08-12T12:26:50.000Z

Aha, this is great thank you!