diff options
author | Dirk Klimpel <5740567+dklimpel@users.noreply.github.com> | 2020-03-26 17:51:13 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-26 16:51:13 +0000 |
commit | e8e2ddb60ae11db488f159901d918cb159695912 (patch) | |
tree | 11a1e2c0187b30e8c969bb3e695e1416f2d2a579 /synapse/config | |
parent | Validate that the session is not modified during UI-Auth (#7068) (diff) | |
download | synapse-e8e2ddb60ae11db488f159901d918cb159695912.tar.xz |
Allow server admins to define and enforce a password policy (MSC2000). (#7118)
Diffstat (limited to 'synapse/config')
-rw-r--r-- | synapse/config/password.py | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/synapse/config/password.py b/synapse/config/password.py index 2a634ac751..9c0ea8c30a 100644 --- a/synapse/config/password.py +++ b/synapse/config/password.py @@ -31,6 +31,10 @@ class PasswordConfig(Config): self.password_localdb_enabled = password_config.get("localdb_enabled", True) self.password_pepper = password_config.get("pepper", "") + # Password policy + self.password_policy = password_config.get("policy") or {} + self.password_policy_enabled = self.password_policy.get("enabled", False) + def generate_config_section(self, config_dir_path, server_name, **kwargs): return """\ password_config: @@ -48,4 +52,39 @@ class PasswordConfig(Config): # DO NOT CHANGE THIS AFTER INITIAL SETUP! # #pepper: "EVEN_MORE_SECRET" + + # Define and enforce a password policy. Each parameter is optional. + # This is an implementation of MSC2000. + # + policy: + # Whether to enforce the password policy. + # Defaults to 'false'. + # + #enabled: true + + # Minimum accepted length for a password. + # Defaults to 0. + # + #minimum_length: 15 + + # Whether a password must contain at least one digit. + # Defaults to 'false'. + # + #require_digit: true + + # Whether a password must contain at least one symbol. + # A symbol is any character that's not a number or a letter. + # Defaults to 'false'. + # + #require_symbol: true + + # Whether a password must contain at least one lowercase letter. + # Defaults to 'false'. + # + #require_lowercase: true + + # Whether a password must contain at least one lowercase letter. + # Defaults to 'false'. + # + #require_uppercase: true """ |