Comments (6)
I'm not sure if we have precedent for this kind of scenario, but approach 1 seems like a good candidate.
If you need another alternative, consider adding a parameter to the password setting API such as a 'dry-run' flag. Then you can reuse whatever error comes from the backend system to populate the front end ❌, or a ✔️.
from security-dashboards-plugin.
Two possible ways we can solve this, as @cwperks pointed out, rule/regex based regex seems to be at odds, or at least not 1:1 with library based password scoring.
Approach 1 (my vote):
Step 1: Don't allow users to create users with passwords that violate the regex rule specified in the config file
Step 2: Try to use https://github.com/dropbox/zxcvbn - or similar to match UI with what backend would return for the strength of a given password
We will still allow users to try and send passwords that pass UI/frontend checks, but the backend will make the final call on whether that user's password strength is strong enough to allow for creation.
Approach 2:
Step 1: Allow users to set whether they want to use regex based Password creation, or strength based password creation
Step 2: Modify Backend to only use the library if user selected strength based password creation, otherwise just check with the validation regex from the config
Step 3: Match the UI with whatever the user config is
from security-dashboards-plugin.
[Triage] @derek-ho thank you for filing this issue. Going to tag UX/UI, and assign this issue to you ;)
from security-dashboards-plugin.
In general, strong/weak indicators alone are rather ambiguous. We should provide upfront guidance on how to make passwords strong, eliminating any guesswork for our users.
As users are typing in their passwords, I would consider specifically listing out which password criteria users are missing, so that users have a clear, actionable path.
from security-dashboards-plugin.
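Added example, not from the thread or the plugin's code: a front-end hint that combines the two checks discussed above (regex rules and a strength score) and lists the missing criteria, showing where the two disagree. The rule set, the common-word list, the `minScore` threshold and the scorer are constructed stand-ins; the scorer only imitates a 0-4 library score and is not zxcvbn.

```javascript
// Constructed stand-ins: RULES imitates a configured validation regex split into
// listable criteria; strengthScore imitates a 0-4 library score (it is not zxcvbn).
const RULES = [
  { label: 'at least 8 characters', re: /^.{8,}$/s },
  { label: 'a lowercase letter', re: /[a-z]/ },
  { label: 'an uppercase letter', re: /[A-Z]/ },
  { label: 'a digit', re: /[0-9]/ },
  { label: 'a special character', re: /[^A-Za-z0-9]/ },
];
const COMMON_WORDS = /password|admin|qwerty|letmein|welcome/gi; // constructed sample list

// Rule-based view: the criteria still unmet, so the UI can list them as the user types.
function missingCriteria(password) {
  return RULES.filter((r) => !r.re.test(password)).map((r) => r.label);
}

// Score-based view: guessable words contribute nothing; the rest is scored by
// length * log2(character pool), bucketed into 0-4.
function strengthScore(password) {
  const rest = password.replace(COMMON_WORDS, '');
  let pool = 0;
  if (/[a-z]/.test(rest)) pool += 26;
  if (/[A-Z]/.test(rest)) pool += 26;
  if (/[0-9]/.test(rest)) pool += 10;
  if (/[^A-Za-z0-9]/.test(rest)) pool += 33;
  if (pool === 0) return 0; // nothing left after removing common words
  const bits = rest.length * Math.log2(pool);
  return Math.min(4, Math.floor(bits / 20));
}

// Front-end hint in the spirit of Approach 1: both views must pass before the UI shows
// a check mark; the backend still repeats its own validation and makes the final call.
// minScore = 3 is an assumed threshold.
function frontendHint(password, minScore = 3) {
  const missing = missingCriteria(password);
  const score = strengthScore(password);
  return { missing, score, ok: missing.length === 0 && score >= minScore };
}

// Constructed sample passwords showing where the two views disagree.
for (const pw of ['Password1!', 'correct horse battery staple', 'gT7#vLq9!xZ2']) {
  console.log(JSON.stringify(pw), frontendHint(pw));
}
```

`Password1!` satisfies every rule but scores 0, while the passphrase scores 4 and still fails two rules, which is the mismatch the comments describe.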
Two possible ways we can solve this, as @cwperks pointed out, rule/regex based regex seems to be at odds, or at least not 1:1 with library based password scoring.
Is there an issue that gives full context behind why we need a password strength UI? What did @cwperks point out? Thanks.
from security-dashboards-plugin.