mirror of
https://github.com/AstrBotDevs/AstrBot
synced 2026-07-16 01:40:15 +08:00
* fix(webui): enforce 12-char dashboard password policy with backend+frontend validation * fix(i18n): update password policy hints and validation rules for improved security * test: adapt dashboard auth fixtures for hashed default password * fix(security): increase PBKDF2 iterations * feat(auth): implement secure login challenge and proof verification * chore: ruff format * fix(auth): update md5 import syntax for consistency * feat(dashboard): implement random password generation for empty dashboard password * feat(auth): enforce plaintext password requirement for legacy MD5 hashes * fix(i18n): update password hint texts to reflect auto-generated initial passwords * feat(dashboard): implement password change requirement and reset logic * feat(auth): implement account setup flow and password change requirements * feat: Implement legacy password support and upgrade mechanism - Added `hash_legacy_dashboard_password` function for MD5 hashing of passwords. - Updated configuration handling to store both PBKDF2 and legacy password hashes. - Introduced logic to check if password storage has been upgraded and if a password change is required. - Modified dashboard authentication routes to handle legacy password checks and prompts for upgrades. - Updated frontend to display warnings for legacy password storage and required upgrades. - Enhanced tests to cover scenarios for legacy password handling and migration to new storage format. * fix(logo): update text color styles to use CSS variables for consistency * feat(dashboard): upgrade password storage and enforce change requirement * fix(dashboard): update minimum password length from 12 to 10 characters * fix(dashboard): update minimum password length from 10 to 8 characters --------- Co-authored-by: RC-CHN <1051989940@qq.com>