gaiwan/Oak
4
2
Fork 0
Code Issues 5 Pull requests Projects Releases Packages 1 Wiki Activity Actions

Password validation changes #7

Merged
arne merged 27 commits from laurence/issue-5 into main 2025-11-28 15:02:29 +00:00
Conversation 2 Commits 27 Files changed 39 +950 -300
laurence commented 2025-11-14 11:11:42 +00:00
Owner
Copy link

features

  • only validate minimum password length, not anything else (so NO checks for capital/lowercase/number/special chars/etc) -> this reflects modern security standards
  • if we check in the frontend, make sure we also check in the backend (general principle: check things in the backend first, then we can consider frontend)
  • make minimum password length configurable (config/get :password/minimum-length)

extra

  • Design a query string debug and config :dev/allow-debug? to use together. This design can disable frontend validation logic, so as to test the backend validation logic.
  • add wrap-flash middleware and a flash-dialog function to show error.
  • Add forgejo workflow (with podman services)
## features - [x] only validate minimum password length, not anything else (so NO checks for capital/lowercase/number/special chars/etc) -> this reflects modern security standards - [x] if we check in the frontend, make sure we also check in the backend (general principle: check things in the backend first, then we can consider frontend) - [x] make minimum password length configurable `(config/get :password/minimum-length)` ## extra - [x] Design a query string `debug` and config `:dev/allow-debug?` to use together. This design can disable **frontend validation logic**, so as to test the **backend validation logic**. - [x] add `wrap-flash` middleware and a `flash-dialog` function to show error. - [x] **Add forgejo workflow (with podman services)**
adding password checking in backend
All checks were successful
Build And Publish OCI Container / build (push) Successful in 2m24s
Details
716f8dc17a
1. add wrap-flash
All checks were successful
Build And Publish OCI Container / build (push) Successful in 2m24s
Details
3b8b603a1d 
2. Use 303 for PRG = post-redirect-get
3. Use a flash-dialog to show the response message.
laurence changed title from WIP: laurence/issue-5 to laurence/issue-5 2025-11-14 14:56:59 +00:00
arne changed title from laurence/issue-5 to Password validation changes 2025-11-20 05:51:11 +00:00
arne reviewed 2025-11-20 05:51:50 +00:00
resources/oak/config.edn Outdated
@ -19,3 +19,3 @@
:password/min-length 6
:time/zone-id "UTC"
}
:password/minimum-length 8}
arne commented 2025-11-20 05:51:50 +00:00
Owner
Copy link

Did you notice there's a password/min-length two lines up?

Did you notice there's a password/min-length two lines up?
laurence commented 2025-11-20 10:33:43 +00:00
Author
Owner
Copy link

Noticed that now. Will only use :password/min-length.

Noticed that now. Will only use `:password/min-length`.
laurence marked this conversation as resolved
laurence force-pushed laurence/issue-5 from 3b8b603a1d
All checks were successful
Build And Publish OCI Container / build (push) Successful in 2m24s
Details
to 76563cf232
All checks were successful
Build And Publish OCI Container / build (push) Successful in 2m36s
Details
2025-11-20 10:32:51 +00:00 Compare
laurence commented 2025-11-20 10:39:31 +00:00
Author
Owner
Copy link

ToDo

  • add tests! all functionaliy you add should come with tests, I see you haven't added any tests. If you're not sure what level to test things at, talk to me.
    • change the password length checking logic.
  • the API is part of the product, make sure routes/paths follow a clear and sensible hierarchy, e.g. /dashboard/* should be dashboard-specific stuff. Removing an oauth authorization should not be under dashboard, but should be a generic endpoint under e.g. /authorizations
  • regularly look at the OpenAPI docs, build instructions are in the README. This is part of the product. Add docstrings/summaries/tags so it's easy to understand
    • Currently, handle for dashboard, totp APIs
## ToDo - [x] add tests! all functionaliy you add should come with tests, I see you haven't added any tests. If you're not sure what level to test things at, talk to me. - [x] change the password length checking logic. - [x] the API is part of the product, make sure routes/paths follow a clear and sensible hierarchy, e.g. /dashboard/* should be dashboard-specific stuff. Removing an oauth authorization should not be under dashboard, but should be a generic endpoint under e.g. /authorizations - [x] regularly look at the OpenAPI docs, build instructions are in the README. This is part of the product. Add docstrings/summaries/tags so it's easy to understand - Currently, handle for dashboard, totp APIs
little clean up for html
All checks were successful
Build And Publish OCI Container / build (push) Successful in 2m43s
Details
7e9ac61e66
complete apis/dashboard_test
All checks were successful
Build And Publish OCI Container / build (push) Successful in 2m56s
Details
6387670fb3
fixing the restful form implementation
All checks were successful
Build And Publish OCI Container / build (push) Successful in 2m53s
Details
f22f53571f
laurence force-pushed laurence/issue-5 from f22f53571f
All checks were successful
Build And Publish OCI Container / build (push) Successful in 2m53s
Details
to 6890e3128c
All checks were successful
Build And Publish OCI Container / build (push) Successful in 3m21s
Details
2025-11-25 06:54:48 +00:00 Compare
change password-length checking and testing code
All checks were successful
Build And Publish OCI Container / build (push) Successful in 2m37s
Details
14f330882d
add forgejo workflows
Some checks failed
Koacha Test Runner / run_koacha (pull_request) Failing after 20s
Details
Build And Publish OCI Container / build (push) Successful in 2m23s
Details
4c2ca9c251
laurence force-pushed laurence/issue-5 from 4c2ca9c251
Some checks failed
Koacha Test Runner / run_koacha (pull_request) Failing after 20s
Details
Build And Publish OCI Container / build (push) Successful in 2m23s
Details
to c813e52ae7
Some checks failed
Koacha Test Runner / run_koacha (pull_request) Failing after 10s
Details
Build And Publish OCI Container / build (push) Successful in 2m51s
Details
2025-11-25 09:01:32 +00:00 Compare
laurence force-pushed laurence/issue-5 from c813e52ae7
Some checks failed
Koacha Test Runner / run_koacha (pull_request) Failing after 10s
Details
Build And Publish OCI Container / build (push) Successful in 2m51s
Details
to 99d7599337
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 11s
Details
Build And Publish OCI Container / build (push) Successful in 2m22s
Details
2025-11-25 09:16:58 +00:00 Compare
laurence force-pushed laurence/issue-5 from 99d7599337
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 11s
Details
Build And Publish OCI Container / build (push) Successful in 2m22s
Details
to fe761d921e
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 34s
Details
Build And Publish OCI Container / build (push) Has been cancelled
Details
2025-11-25 09:25:59 +00:00 Compare
laurence force-pushed laurence/issue-5 from fe761d921e
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 34s
Details
Build And Publish OCI Container / build (push) Has been cancelled
Details
to 8ceb9a2fdb
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 5s
Details
Build And Publish OCI Container / build (push) Successful in 2m23s
Details
2025-11-25 09:27:59 +00:00 Compare
laurence force-pushed laurence/issue-5 from 8ceb9a2fdb
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 5s
Details
Build And Publish OCI Container / build (push) Successful in 2m23s
Details
to 5c104e216d
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 23s
Details
Build And Publish OCI Container / build (push) Successful in 2m21s
Details
2025-11-25 09:32:32 +00:00 Compare
laurence force-pushed laurence/issue-5 from 5c104e216d
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 23s
Details
Build And Publish OCI Container / build (push) Successful in 2m21s
Details
to 13eb7b272a
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 22s
Details
Build And Publish OCI Container / build (push) Successful in 2m19s
Details
2025-11-25 09:45:03 +00:00 Compare
laurence force-pushed laurence/issue-5 from 13eb7b272a
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 22s
Details
Build And Publish OCI Container / build (push) Successful in 2m19s
Details
to c34e8203bc
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 22s
Details
Build And Publish OCI Container / build (push) Successful in 2m23s
Details
2025-11-25 09:50:36 +00:00 Compare
laurence force-pushed laurence/issue-5 from c34e8203bc
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 22s
Details
Build And Publish OCI Container / build (push) Successful in 2m23s
Details
to 4eeb3118f1
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 22s
Details
Build And Publish OCI Container / build (push) Successful in 2m27s
Details
2025-11-25 10:30:26 +00:00 Compare
laurence force-pushed laurence/issue-5 from 4eeb3118f1
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 22s
Details
Build And Publish OCI Container / build (push) Successful in 2m27s
Details
to dc77f1d383
Some checks failed
Build And Publish OCI Container / build (push) Successful in 2m23s
Details
Kaocha Test Runner / run_kaocha (pull_request) Failing after 1m32s
Details
2025-11-25 10:39:18 +00:00 Compare
simplify forgejo workflow (install Clojure CLI)
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 1m27s
Details
Build And Publish OCI Container / build (push) Successful in 2m32s
Details
95a6890ff9
try forgejo with docker
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 28s
Details
Build And Publish OCI Container / build (push) Successful in 2m28s
Details
66168fa941
laurence force-pushed laurence/issue-5 from 66168fa941
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 28s
Details
Build And Publish OCI Container / build (push) Successful in 2m28s
Details
to 873712a648
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 2m43s
Details
Build And Publish OCI Container / build (push) Successful in 2m48s
Details
2025-11-26 05:25:57 +00:00 Compare
laurence force-pushed laurence/issue-5 from 873712a648
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 2m43s
Details
Build And Publish OCI Container / build (push) Successful in 2m48s
Details
to cc651aae79
All checks were successful
Kaocha Test Runner / run_kaocha (pull_request) Successful in 3m37s
Details
Build And Publish OCI Container / build (push) Successful in 4m17s
Details
2025-11-26 05:29:45 +00:00 Compare
tune the forgejo workflow to allow act's local behavior to depend on local docker services
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 1m27s
Details
Build And Publish OCI Container / build (push) Successful in 2m33s
Details
4c5d095393
laurence force-pushed laurence/issue-5 from 4c5d095393
Some checks failed
Kaocha Test Runner / run_kaocha (pull_request) Failing after 1m27s
Details
Build And Publish OCI Container / build (push) Successful in 2m33s
Details
to cc651aae79
All checks were successful
Kaocha Test Runner / run_kaocha (pull_request) Successful in 3m37s
Details
Build And Publish OCI Container / build (push) Successful in 4m17s
Details
2025-11-26 06:41:10 +00:00 Compare
add some meta information for openapi.json
All checks were successful
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m45s
Details
Build And Publish OCI Container / build (push) Successful in 3m9s
Details
38e48fa46b
add GH action to generate apidoc
All checks were successful
Build And Publish OCI Container / build (push) Successful in 2m38s
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m40s
Details
39af7e8471
laurence force-pushed laurence/issue-5 from 39af7e8471
All checks were successful
Build And Publish OCI Container / build (push) Successful in 2m38s
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m40s
Details
to f2d2cc451d
Some checks failed
Build And Publish OCI Container / build (push) Has been cancelled
Details
API Doc Generation / generate_docs (pull_request) Failing after 3m33s
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 4m4s
Details
2025-11-26 10:58:51 +00:00 Compare
laurence force-pushed laurence/issue-5 from f2d2cc451d
Some checks failed
Build And Publish OCI Container / build (push) Has been cancelled
Details
API Doc Generation / generate_docs (pull_request) Failing after 3m33s
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 4m4s
Details
to 693b9354dd
Some checks failed
API Doc Generation / generate_docs (pull_request) Failing after 3m26s
Details
Build And Publish OCI Container / build (push) Successful in 3m46s
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m46s
Details
2025-11-26 11:01:03 +00:00 Compare
Disable apidoc job
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Build And Publish OCI Container / build (push) Successful in 2m37s
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m37s
Details
33b4ce89e1
Rerender the dashboard with the form with inline errors, instead of using a flash
Some checks failed
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Kaocha Test Runner / run_kaocha (pull_request) Failing after 2m40s
Details
Build And Publish OCI Container / build (push) Successful in 2m47s
Details
3f4e5bab73
YAGNI multipart form handling, maybe later
Some checks failed
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Build And Publish OCI Container / build (push) Successful in 2m33s
Details
Kaocha Test Runner / run_kaocha (pull_request) Failing after 2m36s
Details
ddc6423b58
fix - layout of permission dialog is broken when there's no image configured
Some checks failed
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Kaocha Test Runner / run_kaocha (pull_request) Failing after 2m36s
Details
Build And Publish OCI Container / build (push) Successful in 2m56s
Details
a402b12ec9
Version bumps and test harness stuff
Some checks failed
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Build And Publish OCI Container / build (push) Failing after 5m33s
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 5m39s
Details
338a9b0cf5
Uberjar already includes compilation
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m15s
Details
Build And Publish OCI Container / build (push) Successful in 2m26s
Details
496247efb5
arne merged commit 851c138801 into main 2025-11-28 15:02:29 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

A defect that needs fixing

  
small

Little things that can be fixed trivially, best to batch these up

No labels
bug
small
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
gaiwan/Oak!7
No description provided.