authorJohn Olheiser <john.olheiser@gmail.com>2020-09-08 17:06:39 -0500
committerGitHub <noreply@github.com>2020-09-08 17:06:39 -0500
commitc6e4bc53aad371210f0cb670e36c57132087b230 (patch)
treeef2eecef855a4257a22eb61aefd5439be23a770e /custom
parentbea343ce0997262e61c5d83812a270090896afbf (diff)
Check passwords against HaveIBeenPwned (#12716)
* Implement pwn Signed-off-by: jolheiser <john.olheiser@gmail.com> * Update module Signed-off-by: jolheiser <john.olheiser@gmail.com> * Apply suggestions mrsdizzie Co-authored-by: mrsdizzie <info@mrsdizzie.com> * Add link to HIBP Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add more details to admin command Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add context to pwn Signed-off-by: jolheiser <john.olheiser@gmail.com> * Consistency and making some noise ;) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: mrsdizzie <info@mrsdizzie.com> Co-authored-by: zeripath <art27@cantab.net>
Diffstat (limited to 'custom')
-rw-r--r--custom/conf/app.example.ini4
1 files changed, 3 insertions, 1 deletions
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index bb65c4f08d..af3418f70c 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -433,7 +433,7 @@ REPO_INDEXER_TYPE = bleve
; Index file used for code search.
REPO_INDEXER_PATH = indexers/repos.bleve
; Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. http://elastic:changeme@localhost:9200
-REPO_INDEXER_CONN_STR =
+REPO_INDEXER_CONN_STR =
; Code indexer name, available when `REPO_INDEXER_TYPE` is elasticsearch
REPO_INDEXER_NAME = gitea_codes
@@ -512,6 +512,8 @@ PASSWORD_COMPLEXITY = off
PASSWORD_HASH_ALGO = argon2
; Set false to allow JavaScript to read CSRF cookie
CSRF_COOKIE_HTTP_ONLY = true
+; Validate against https://haveibeenpwned.com/Passwords to see if a password has been exposed
+PASSWORD_CHECK_PWN = false
[openid]
;
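Review bot: The comment added above `PASSWORD_CHECK_PWN = false` does not tell an operator that enabling the option makes the server issue outbound requests to a third-party service whenever a password is validated. An air-gapped or egress-filtered deployment needs that stated, along with what happens when the service cannot be reached. The implementation is not part of this view (the diff is limited to `custom`), so the wording should be confirmed against the code. I would expand it to something like `; Check passwords against https://haveibeenpwned.com/Passwords (requires outbound HTTPS to that service)`. A second comment line should state what is actually transmitted, presumably only a hash prefix if the range API is used, and whether an unreachable service rejects or accepts the password.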