vikunja/pkg/user
kolaente 89c17d3b23 feat(api): enforce password validation on reset and update flows
Add bcrypt_password validation to password reset and update endpoints:
- Add validation tag to PasswordReset.NewPassword struct field
- Add validation tag to UserPassword.NewPassword struct field
- Add c.Validate() calls in both handlers
- Fix off-by-one error in bcrypt_password validator (use <= 72 not < 72)

Password requirements: min 8 chars, max 72 bytes (bcrypt limit)
2026-02-25 13:44:56 +01:00
..
caldav_token.go fix: address review comments on session lifecycle 2026-02-25 11:03:02 +01:00
db.go fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
delete.go fix: address review comments on session lifecycle 2026-02-25 11:03:02 +01:00
error.go fix: 403 http error code on failed login (#1756) 2025-11-06 08:40:46 +01:00
events.go fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
listeners.go fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
main_test.go feat: move to slog for logging 2025-07-21 18:15:39 +02:00
notifications.go fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
test.go fix(user): persist status on email updates (#1084) 2025-08-04 14:07:00 +00:00
token.go fix: add missing Commit() to write callers 2026-02-25 11:03:02 +01:00
totp.go fix: eliminate nested database sessions to prevent table locks 2026-02-25 11:03:02 +01:00
update_email.go fix: eliminate nested database sessions to prevent table locks 2026-02-25 11:03:02 +01:00
update_email_test.go fix(user): persist status on email updates (#1084) 2025-08-04 14:07:00 +00:00
user.go fix: eliminate nested database sessions to prevent table locks 2026-02-25 11:03:02 +01:00
user_create.go fix: eliminate nested database sessions to prevent table locks 2026-02-25 11:03:02 +01:00
user_email_confirm.go fix(user): persist status on email updates (#1084) 2025-08-04 14:07:00 +00:00
user_email_confirm_test.go fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
user_password_reset.go feat(api): enforce password validation on reset and update flows 2026-02-25 13:44:56 +01:00
user_test.go fix: eliminate nested database sessions to prevent table locks 2026-02-25 11:03:02 +01:00
users_project.go fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
validator.go feat(api): enforce password validation on reset and update flows 2026-02-25 13:44:56 +01:00