Commit Graph

8 Commits (bb7de8df3e7d0e945219751f3012b7d52d022719)

Author SHA1 Message Date
Jordan Wright bb7de8df3e
Initial Implementation of a Password Policy (#1867)
This PR adds the initial work to implement a password policy as defined in #1538.

Specifically, this implements the following

* Rate limiting for the login handler
* Implementing the ability for system admins to require a user to reset their password
* Implementing a password policy that requires passwords to be a minimum of 8 characters
* Removes the default password (gophish) for admin users to instead have the password randomly generated when Gophish first starts up
* Adds a password strength meter when choosing a new password

Fixes #1538
2020-06-19 22:03:51 -05:00
dependabot[bot] 053b998b84
Bump acorn from 6.1.1 to 6.4.1 (#1785)
Bumps [acorn](https://github.com/acornjs/acorn) from 6.1.1 to 6.4.1.
- [Release notes](https://github.com/acornjs/acorn/releases)
- [Commits](https://github.com/acornjs/acorn/compare/6.1.1...6.4.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-03-15 12:33:49 -05:00
dependabot[bot] e812ea0dfb Bump lodash from 4.17.11 to 4.17.15 (#1509)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.15.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.15)

Signed-off-by: dependabot[bot] <support@github.com>
2019-11-12 20:06:35 -06:00
dependabot[bot] 38876339c0 Bump mixin-deep from 1.3.1 to 1.3.2 (#1654)
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases)
- [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2)

Signed-off-by: dependabot[bot] <support@github.com>
2019-11-09 21:21:15 -06:00
dependabot[bot] 1f16c7237d Bump lodash from 4.17.11 to 4.17.14 (#1507)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.14.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.14)

Signed-off-by: dependabot[bot] <support@github.com>
2019-07-18 23:29:45 -05:00
dependabot[bot] d30e9e2e2f Bump lodash.merge from 4.6.1 to 4.6.2 (#1508)
Bumps [lodash.merge](https://github.com/lodash/lodash) from 4.6.1 to 4.6.2.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/commits)

Signed-off-by: dependabot[bot] <support@github.com>
2019-07-18 23:29:10 -05:00
Jordan Wright 84096b8724
Implement User Management API (#1473)
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 13:58:18 -05:00
Jordan Wright 6ca2b76ceb
Update Javascript Dependencies (#1440)
* updated devDependencies, migrated gulpfile.js to gulp 4.0 syntax (#1438)

* Rebuilding JS dependencies with new gulp config. Updated yarn.lock.

Co-authored-by: Christian Schwartz <christian.schwartz@gmail.com>
2019-04-21 16:34:52 -05:00