show the configured password policy requirements

Signed-off-by: NAYANAR <nayana.r5@ibm.com>

Author: NAYANAR0502

.env.example

@@ -178,10 +178,10 @@ ARGON2ID_PARALLELISM=1
 
 # Password Policy Configuration
 PASSWORD_MIN_LENGTH=8
-PASSWORD_REQUIRE_UPPERCASE=false
-PASSWORD_REQUIRE_LOWERCASE=false
+PASSWORD_REQUIRE_UPPERCASE=true
+PASSWORD_REQUIRE_LOWERCASE=true
 PASSWORD_REQUIRE_NUMBERS=false
-PASSWORD_REQUIRE_SPECIAL=false
+PASSWORD_REQUIRE_SPECIAL=true
 
 # Account Security Configuration
 # Maximum failed login attempts before account lockout

charts/mcp-stack/values.yaml

@@ -409,10 +409,10 @@ mcpContextForge:
     ARGON2ID_MEMORY_COST: "65536"          # Argon2id memory cost in KiB
     ARGON2ID_PARALLELISM: "1"              # Argon2id parallelism (threads)
     PASSWORD_MIN_LENGTH: "8"               # minimum password length
-    PASSWORD_REQUIRE_UPPERCASE: "false"    # require uppercase letters in passwords
-    PASSWORD_REQUIRE_LOWERCASE: "false"    # require lowercase letters in passwords
+    PASSWORD_REQUIRE_UPPERCASE: "true"    # require uppercase letters in passwords
+    PASSWORD_REQUIRE_LOWERCASE: "true"    # require lowercase letters in passwords
     PASSWORD_REQUIRE_NUMBERS: "false"      # require numbers in passwords
-    PASSWORD_REQUIRE_SPECIAL: "false"      # require special characters in passwords
+    PASSWORD_REQUIRE_SPECIAL: "true"      # require special characters in passwords
     MAX_FAILED_LOGIN_ATTEMPTS: "5"         # maximum failed login attempts before lockout
     ACCOUNT_LOCKOUT_DURATION_MINUTES: "30" # account lockout duration in minutes
     MIN_PASSWORD_LENGTH: "12"              # minimum password length for validation

mcpgateway/admin.py

@@ -4915,10 +4915,10 @@ async def admin_get_user_edit(
                                     <span class="inline-flex items-center justify-center w-4 h-4 bg-gray-400 text-white rounded-full text-xs mr-2">✗</span>
                                     <span>At least {settings.password_min_length} characters long</span>
                                 </div>
-                                {'<div class="flex items-center" id="req-uppercase"><span class="inline-flex items-center justify-center w-4 h-4 bg-gray-400 text-white rounded-full text-xs mr-2">✗</span><span>Contains uppercase letters (A-Z)</span></div>' if settings.password_require_uppercase else ''}
-                                {'<div class="flex items-center" id="req-lowercase"><span class="inline-flex items-center justify-center w-4 h-4 bg-gray-400 text-white rounded-full text-xs mr-2">✗</span><span>Contains lowercase letters (a-z)</span></div>' if settings.password_require_lowercase else ''}
+                                <div class="flex items-center" id="req-uppercase"><span class="inline-flex items-center justify-center w-4 h-4 bg-gray-400 text-white rounded-full text-xs mr-2">✗</span><span>Contains uppercase letters (A-Z)</span></div>
+                                <div class="flex items-center" id="req-lowercase"><span class="inline-flex items-center justify-center w-4 h-4 bg-gray-400 text-white rounded-full text-xs mr-2">✗</span><span>Contains lowercase letters (a-z)</span></div>
                                 {'<div class="flex items-center" id="req-numbers"><span class="inline-flex items-center justify-center w-4 h-4 bg-gray-400 text-white rounded-full text-xs mr-2">✗</span><span>Contains numbers (0-9)</span></div>' if settings.password_require_numbers else ''}
-                                {'<div class="flex items-center" id="req-special"><span class="inline-flex items-center justify-center w-4 h-4 bg-gray-400 text-white rounded-full text-xs mr-2">✗</span><span>Contains special characters (!@#$%^&amp;*(),.?&quot;:{{}}|&lt;&gt;)</span></div>' if settings.password_require_special else ''}
+                                <div class="flex items-center" id="req-special"><span class="inline-flex items-center justify-center w-4 h-4 bg-gray-400 text-white rounded-full text-xs mr-2">✗</span><span>Contains special characters (!@#$%^&amp;*(),.?&quot;:{{}}|&lt;&gt;)</span></div>
                             </div>
                         </div>
                     </div>
@@ -4934,6 +4934,8 @@ async def admin_get_user_edit(
                     requireSpecial: {'true' if settings.password_require_special else 'false'}
                 }};
 
+                // (No debug output) passwordPolicy available in JS for logic below
+
                 function updateRequirementIcon(elementId, isValid) {{
                     const req = document.getElementById(elementId);
                     if (req) {{
@@ -4957,19 +4959,19 @@ async def admin_get_user_edit(
 
                     // Check uppercase requirement (if enabled)
                     const uppercaseCheck = !passwordPolicy.requireUppercase || /[A-Z]/.test(password);
-                    updateRequirementIcon('req-uppercase', /[A-Z]/.test(password));
+                    updateRequirementIcon('req-uppercase', uppercaseCheck);
 
                     // Check lowercase requirement (if enabled)
                     const lowercaseCheck = !passwordPolicy.requireLowercase || /[a-z]/.test(password);
-                    updateRequirementIcon('req-lowercase', /[a-z]/.test(password));
+                    updateRequirementIcon('req-lowercase', lowercaseCheck);
 
                     // Check numbers requirement (if enabled)
                     const numbersCheck = !passwordPolicy.requireNumbers || /[0-9]/.test(password);
-                    updateRequirementIcon('req-numbers', /[0-9]/.test(password));
+                    updateRequirementIcon('req-numbers', numbersCheck);
 
                     // Check special character requirement (if enabled) - matches backend set
                     const specialCheck = !passwordPolicy.requireSpecial || /[!@#$%^&*(),.?":{{}}|<>]/.test(password);
-                    updateRequirementIcon('req-special', /[!@#$%^&*(),.?":{{}}|<>]/.test(password));
+                    updateRequirementIcon('req-special', specialCheck);
 
                     // Enable/disable submit button based on active requirements
                     const submitButton = document.querySelector('#user-edit-modal-content button[type="submit"]');
@@ -5000,9 +5002,25 @@ async def admin_get_user_edit(
                     }}
                 }}
 
-                // Initialize validation on page load
-                document.addEventListener('DOMContentLoaded', function() {{
-                    validatePasswordRequirements();
+                // Initialize validation when the form is present (supports HTMX-injected content)
+                (function initPasswordValidation() {{
+                    if (document.getElementById('password-field')) {{
+                        validatePasswordRequirements();
+                        validatePasswordMatch();
+                    }}
+                }})();
+
+                // Re-run validation after HTMX swaps content into the DOM (modal loaded via HTMX)
+                document.addEventListener('htmx:afterSwap', function(event) {{
+                    try {{
+                        const target = event.detail && event.detail.target ? event.detail.target : null;
+                        if (target && (target.querySelector('#password-field') || target.id === 'user-edit-modal-content')) {{
+                            validatePasswordRequirements();
+                            validatePasswordMatch();
+                        }}
+                    }} catch (e) {{
+                        // Ignore errors from HTMX event handling
+                    }}
                 }});
                 </script>
                 <div class="flex justify-end space-x-3">

mcpgateway/config.py

@@ -301,10 +301,10 @@ class Settings(BaseSettings):
 
     # Password Policy Configuration
     password_min_length: int = Field(default=8, description="Minimum password length")
-    password_require_uppercase: bool = Field(default=False, description="Require uppercase letters in passwords")
-    password_require_lowercase: bool = Field(default=False, description="Require lowercase letters in passwords")
+    password_require_uppercase: bool = Field(default=True, description="Require uppercase letters in passwords")
+    password_require_lowercase: bool = Field(default=True, description="Require lowercase letters in passwords")
     password_require_numbers: bool = Field(default=False, description="Require numbers in passwords")
-    password_require_special: bool = Field(default=False, description="Require special characters in passwords")
+    password_require_special: bool = Field(default=True, description="Require special characters in passwords")
 
     # Account Security Configuration
     max_failed_login_attempts: int = Field(default=5, description="Maximum failed login attempts before account lockout")