Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TECH] Améliorer le mot de passe surveillant (PIX-13007). #10154

Merged
merged 4 commits into from
Sep 26, 2024
Merged

[TECH] Améliorer le mot de passe surveillant (PIX-13007). #10154

merged 4 commits into from
Sep 26, 2024

Conversation

AndreiaPena
Copy link
Member

@AndreiaPena AndreiaPena commented Sep 20, 2024
edited by matthieu-octo
Loading

🦄 Problème

Actuellement le mot de passe surveillant n'est pas assez fort.

🤖 Proposition

Renforcer le mot de passe

🌈 Remarques

On profite de cette PR pour renommer la colonne SupervisorPassword en invigilatorPassword.

⚠️ @asrodride demande a revoir le sujet avant de le faire avancer

💯 Pour tester

Constater que certif récupère bien le mot de passe surveillant
=> Détails de la session
=> Kit surveillant
=> Que l'utilisateur puisse bien se connecter dans l'espace surveillant

@pix-bot-github
Copy link

Une fois les applications déployées, elles seront accessibles via les liens suivants :

Les variables d'environnement seront accessibles via les liens suivants :

@Steph0 Steph0 force-pushed the pix-13007-improve-invigilator-password-security branch from 4f89e6e to 44a1ae2 Compare September 20, 2024 13:05
@AndreiaPena AndreiaPena force-pushed the pix-13007-improve-invigilator-password-security branch from 44a1ae2 to 41ddfdf Compare September 20, 2024 13:17
@gitguardian GitGuardian
Copy link

gitguardian bot commented Sep 20, 2024
edited
Loading

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
13912190 Triggered Generic Password 52a78ef api/src/certification/enrolment/domain/models/SessionEnrolment.js View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

P-Jeremy
P-Jeremy previously requested changes Sep 20, 2024
View reviewed changes
Copy link
Contributor

@P-Jeremy P-Jeremy left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Si je vous dis que j'adore bosser avec vous et en particulier @AndreiaPena , c'est utile ou inutile ? ❤️

@AndreiaPena AndreiaPena marked this pull request as ready for review September 20, 2024 13:37
@AndreiaPena AndreiaPena requested a review from a team as a code owner September 20, 2024 13:37
@AndreiaPena AndreiaPena force-pushed the pix-13007-improve-invigilator-password-security branch from 41ddfdf to 42dc7fd Compare September 20, 2024 13:47
@HEYGUL HEYGUL force-pushed the pix-13007-improve-invigilator-password-security branch from 42dc7fd to ec64237 Compare September 23, 2024 14:45
@matthieu-octo matthieu-octo force-pushed the pix-13007-improve-invigilator-password-security branch from ec64237 to 2f6348b Compare September 25, 2024 15:23
Steph0
Steph0 approved these changes Sep 25, 2024
View reviewed changes
api/tests/certification/enrolment/acceptance/application/session-mass-import-route_test.js Show resolved Hide resolved
api/tests/certification/enrolment/unit/domain/models/SessionEnrolment_test.js Outdated Show resolved Hide resolved
api/src/certification/enrolment/domain/models/SessionEnrolment.js
`${config.availableCharacterForCode.numbers}${config.availableCharacterForCode.letters}`.split('');
const NB_CHAR = 5;
const INVIGILATOR_PASSWORD_LENGTH = 6;
const INVIGILATOR_PASSWORD_CHARS = '23456789bcdfghjkmpqrstvwxyBCDFGHJKMPQRSTVWXY!*?'.split('');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks @matthieu-octo

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👀

@Steph0
Copy link
Contributor

Steph0 commented Sep 26, 2024

Re-test, et j'ai obtenu un caractere special

image
image

@Steph0 Steph0 force-pushed the pix-13007-improve-invigilator-password-security branch from 2f6348b to e607097 Compare September 26, 2024 08:49
matthieu-octo and others added 4 commits September 26, 2024 08:49
@matthieu-octo
✨ api: add migration
e2fb133
@HEYGUL @AndreiaPena @matthieu-octo
✨ api: modifying supervisorPassword to invigilatorPassword
9c9000b 
* naming changed
* varchar length changed to 6
* seeds

Co-authored-by: Andreia Pena <[email protected]>
Co-authored-by: matthieu-octo <[email protected]>
Co-authored-by: <[email protected]>
Co-authored-by: <[email protected]>
@AndreiaPena @Steph0 @matthieu-octo
✨ api: modifying supervisorPassword to invigilatorPassword
b3448b4 
Co-authored-by: Steph0 <[email protected]>
Co-authored-by: matthieu-octo <[email protected]>
@AndreiaPena @Steph0
✨ api: modifying chars for invigilatorPassword
52a78ef 
Co-authored-by: Steph0 <[email protected]>
@pix-service-auto-merge pix-service-auto-merge force-pushed the pix-13007-improve-invigilator-password-security branch from e607097 to 52a78ef Compare September 26, 2024 08:49
@pix-service-auto-merge pix-service-auto-merge merged commit dc4f100 into dev Sep 26, 2024
7 of 8 checks passed
@pix-service-auto-merge pix-service-auto-merge deleted the pix-13007-improve-invigilator-password-security branch September 26, 2024 08:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Steph0 Steph0 Steph0 approved these changes

@matthieu-octo matthieu-octo matthieu-octo approved these changes

@alexandrecoin alexandrecoin alexandrecoin approved these changes

@P-Jeremy P-Jeremy P-Jeremy left review comments

@romain-pix-cyber romain-pix-cyber Awaiting requested review from romain-pix-cyber

Assignees

@Steph0 Steph0

@AndreiaPena AndreiaPena

@matthieu-octo matthieu-octo

Labels
Func Review OK PO validated functionally the PR 🚀 Ready to Merge team-certif Tech Review OK
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@AndreiaPena @pix-bot-github @Steph0 @alexandrecoin @P-Jeremy @matthieu-octo @romain-pix-cyber @pix-service-auto-merge @HEYGUL