Merge pull request #5214 from matrix-org/babolivier/password-policy

Allow server admins to define and enforce a password policy (MSC2000)

1 files changed, 30 insertions, 0 deletions

diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml

index 8fd699c970..759ea49c5e 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1056,6 +1056,36 @@ password_config:
    #
    #pepper: "EVEN_MORE_SECRET"
 
+   # Define and enforce a password policy. Each parameter is optional, boolean
+   # parameters default to 'false' and integer parameters default to 0.
+   # This is an early implementation of MSC2000.
+   #
+   #policy:
+      # Whether to enforce the password policy.
+      #
+      #enabled: true
+
+      # Minimum accepted length for a password.
+      #
+      #minimum_length: 15
+
+      # Whether a password must contain at least one digit.
+      #
+      #require_digit: true
+
+      # Whether a password must contain at least one symbol.
+      # A symbol is any character that's not a number or a letter.
+      #
+      #require_symbol: true
+
+      # Whether a password must contain at least one lowercase letter.
+      #
+      #require_lowercase: true
+
+      # Whether a password must contain at least one lowercase letter.
+      #
+      #require_uppercase: true
+
 
 
 # Enable sending emails for notification events or expiry notices