Allow server admins to define and enforce a password policy (MSC2000). (#7118)

2025-05-02 18:04:49 -04:00 · 2020-03-26 17:51:13 +01:00 · 2020-03-26 17:51:13 +01:00 · e8e2ddb60a
commit e8e2ddb60a
parent 1c1242acba
11 changed files with 437 additions and 0 deletions
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@ -1482,6 +1482,41 @@ password_config:
   #
   #pepper: "EVEN_MORE_SECRET"

+   # Define and enforce a password policy. Each parameter is optional.
+   # This is an implementation of MSC2000.
+   #
+   policy:
+      # Whether to enforce the password policy.
+      # Defaults to 'false'.
+      #
+      #enabled: true
+
+      # Minimum accepted length for a password.
+      # Defaults to 0.
+      #
+      #minimum_length: 15
+
+      # Whether a password must contain at least one digit.
+      # Defaults to 'false'.
+      #
+      #require_digit: true
+
+      # Whether a password must contain at least one symbol.
+      # A symbol is any character that's not a number or a letter.
+      # Defaults to 'false'.
+      #
+      #require_symbol: true
+
+      # Whether a password must contain at least one lowercase letter.
+      # Defaults to 'false'.
+      #
+      #require_lowercase: true
+
+      # Whether a password must contain at least one lowercase letter.
+      # Defaults to 'false'.
+      #
+      #require_uppercase: true
+

 # Configuration for sending emails from Synapse.
 #