Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validation documentation update #38

Merged
merged 7 commits into from
Feb 6, 2021
Merged

Validation documentation update #38

merged 7 commits into from
Feb 6, 2021

Conversation

Vlix
Copy link
Collaborator

@Vlix Vlix commented Jan 3, 2021

New branch created from @agentultra's contribution.

Adding link to the NIST publication and changing the defaults for the password validation.

agentultra and others added 3 commits December 8, 2020 12:06
@agentultra
Update Validate.hs
7c75c07 
Added a link to the NIST 800-63b publication on authentication credentials and life cycle management to the module haddocks and change the `defaultPasswordPolicy` to follow the NIST recommendations.

The default character set will need to be updated as well to include the full unicode character range and ensure that multi-code point glyphs are handled as per the guidelines.
@Vlix
added more information using the NIST as a guide to discourage users …
efb67c1 
…to use the character category inclusion requirements if they don't have to.
@Vlix
Merge pull request #31 from agentultra/master
0f4a00d 
Update Validate.hs

Merging this into a separate branch to continue working on.
cdepillabout
cdepillabout approved these changes Jan 4, 2021
View reviewed changes
Copy link
Owner

@cdepillabout cdepillabout left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@Vlix
Copy link
Collaborator Author

Vlix commented Jan 24, 2021

I finished up this documentation too, but I'd like one last review on any spelling/typos, AND not sure if a PATCH update would be enough? We made the defaultPasswordPolicy more lax, so some passwords that would not be valid with password-2.1.0.0 might suddenly be valid if the user only used the default policy. Would that be enough to necessitate a 2.1.1.0 increase? (Or even a 2.2.0.0?)
After that is decided we can do a release.

@cdepillabout cdepillabout mentioned this pull request Jan 27, 2021
Merged
@Vlix
Copy link
Collaborator Author

Vlix commented Jan 31, 2021

I decided on upping password to 2.1.1.0, since changing the internals of defaultPasswordPolicy is not just a patch, and it's not really breaking the API or anything.

Will double check spelling and then upload to stackage, unless there are any new objections.

cdepillabout
cdepillabout approved these changes Feb 3, 2021
View reviewed changes
Copy link
Owner

@cdepillabout cdepillabout left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks really good. Very easy to understand.

Version bumps sound good!

@Vlix Vlix merged commit 6b243c2 into master Feb 6, 2021
@cdepillabout cdepillabout deleted the documentation-update branch February 6, 2021 03:38
@Vlix
Copy link
Collaborator Author

Vlix commented Feb 7, 2021

I've uploaded password-2.1.1.0 and password-instances-2.0.0.2 to hackage.

@Vlix Vlix mentioned this pull request Feb 7, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cdepillabout cdepillabout cdepillabout approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Vlix @cdepillabout @agentultra