prevent accidental lockout from restricted chars in single pass mode (#1352)

* prevent accidental lockout from restricted chars in single pass mode

* update error message
Timothy Carambat 2024-05-10 17:29:49 -07:00 committed by GitHub
parent 98953d70b7
commit 7b18a36288
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 22 additions and 5 deletions


@ -190,6 +190,7 @@ function MultiUserMode() {
); );
} }
const PW_REGEX = new RegExp(/^[a-zA-Z0-9_\-!@$%^&*();]+$/);
function PasswordProtection() { function PasswordProtection() {
const [saving, setSaving] = useState(false); const [saving, setSaving] = useState(false);
const [hasChanges, setHasChanges] = useState(false); const [hasChanges, setHasChanges] = useState(false);
@ -200,10 +201,19 @@ function PasswordProtection() {
const handleSubmit = async (e) => { const handleSubmit = async (e) => {
e.preventDefault(); e.preventDefault();
if (multiUserModeEnabled) return false; if (multiUserModeEnabled) return false;
const form = new FormData(e.target);
if (!PW_REGEX.test(form.get("password"))) {
showToast(
`Your password has restricted characters in it. Allowed symbols are _,-,!,@,$,%,^,&,*,(,),;`,
"error"
);
setSaving(false);
return;
}
setSaving(true); setSaving(true);
setHasChanges(false); setHasChanges(false);
const form = new FormData(e.target);
const data = { const data = {
usePassword, usePassword,
newPassword: form.get("password"), newPassword: form.get("password"),
@ -323,9 +333,9 @@ function PasswordProtection() {
</div> </div>
<div className="flex items-center justify-between space-x-14"> <div className="flex items-center justify-between space-x-14">
<p className="text-white/80 text-xs rounded-lg w-96"> <p className="text-white/80 text-xs rounded-lg w-96">
By default, you will be the only admin. As an admin you will By default, anyone with this password can log into the instance.
need to create accounts for all new users or admins. Do not lose Do not lose this password as only the instance maintainer is
your password as only an Admin user can reset passwords. able to retrieve or reset the password once set.
</p> </p>
</div> </div>
</div> </div>
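Review bot: The new guard at the top of `handleSubmit` tests `form.get("password")` without looking at `usePassword` or at the value's type. An empty field fails the `+` quantifier and is reported as "restricted characters", while a missing field returns `null`, which `RegExp.test` coerces to the string "null" and accepts. If the form can be submitted with protection switched off (not visible here), that would block or mislabel the submit; consider `const password = form.get("password");` followed by `if (usePassword && (typeof password !== "string" || !PW_REGEX.test(password))) {`. The pattern is also a copy of the one used by the server-side check, so the server check remains the one that enforces the rule and the two must be kept in step. `handleSubmit` continues past the end of the hunk.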


@ -338,7 +338,7 @@ const KEY_MAPPING = {
// System Settings // System Settings
AuthToken: { AuthToken: {
envKey: "AUTH_TOKEN", envKey: "AUTH_TOKEN",
checks: [requiresForceMode], checks: [requiresForceMode, noRestrictedChars],
}, },
JWTSecret: { JWTSecret: {
envKey: "JWT_SECRET", envKey: "JWT_SECRET",
@ -574,6 +574,13 @@ function validHuggingFaceEndpoint(input = "") {
: null; : null;
} }
function noRestrictedChars(input = "") {
const regExp = new RegExp(/^[a-zA-Z0-9_\-!@$%^&*();]+$/);
return !regExp.test(input)
? `Your password has restricted characters in it. Allowed symbols are _,-,!,@,$,%,^,&,*,(,),;`
: null;
}
// This will force update .env variables which for any which reason were not able to be parsed or // This will force update .env variables which for any which reason were not able to be parsed or
// read from an ENV file as this seems to be a complicating step for many so allowing people to write // read from an ENV file as this seems to be a complicating step for many so allowing people to write
// to the process will at least alleviate that issue. It does not perform comprehensive validity checks or sanity checks // to the process will at least alleviate that issue. It does not perform comprehensive validity checks or sanity checks
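Review bot: `noRestrictedChars` returns the "restricted characters" message for an empty string as well, since the default `input = ""` cannot satisfy `+`, and a non-string value is coerced by `test()` before matching (a constructed example: the array `["abc"]` is tested as `abc`). A guard ahead of the regex would separate those cases: `if (typeof input !== "string" || input.length === 0) return "Password cannot be empty.";`. The pattern could be a module-level constant rather than `new RegExp(...)` on every call, and a comment such as `// Allow-list: AUTH_TOKEN is persisted as an env value, so quotes, '#', whitespace and newlines are rejected` would record why the set is this narrow, if that is indeed the reason. Length is not checked here, so a one-character password passes this validator.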