The complexity of the passwords can be adjusted to certain degrees. Learn more about it here.
Note on changing the COYO settings
The settings of the COYO Application are changed via the COYO REST API. To authenticate yourself to the API, you need an OAuth token before you can make any settings. COYO does not need to be restarted, but changes are applied directly.
Get OAuth token
curl --user '<API_CLIENT_ID>':'<API_CLIENT_SECRET>' -X POST -d "grant_type=password&username=<username>&password=<password>" https://<COYO_BACKEND_URL>/api/oauth/token
This endpoint is secured by basic auth. You find your API access data in your COYO administration at API Clients. The backend url is your COYO url.
The response will be a bearer token aka access token. You'll need that token to authenticate with the COYO REST API.
The response will be a bearer token aka access token. You'll need that token to authenticate with the COYO REST API.
Get current settings
To get the settings do the following request:
curl -x GET https://<COYO_BACKEND_URL>/api/settings/public
Response:
{
"linkPattern": "[linkPattern]",
"emailPattern": "[emailPattern]",
"networkName": "[networkName]",
"phonePattern": "[phonePattern]",
"jsLogThrottle": "[jsLogThrottle]",
"passwordPattern": "[passwordPattern]"
}
Update settings
Copy the response and make your adjustments. Please note that the passwordPattern is a RegEx.
curl -x PUT https://<COYO_BACKEND_URL>/api/settings?access_token=<ACCESS_TOKEN> -H "Authorization: Bearer <access_token>"-H 'Content-Type: application/json' -d '{
"linkPattern": "[linkPattern]",
"emailPattern": "[emailPattern]",
"networkName": "[networkName]",
"phonePattern": "[phonePattern]",
"jsLogThrottle": "[sLogThrottle]",
"passwordPattern": "[passwordPattern]"
}'
RegEx Rules
^ | The password string will start this way |
(?=.*[a-z]) | The string must contain at least 1 lowercase alphabetical character |
(?=.*[A-Z]) | The string must contain at least 1 uppercase alphabetical character |
(?=.*[0-9]) | The string must contain at least 1 numeric character |
(?=.[!@#\$%\^&]) | The string must contain at least one special character, but we are escaping reserved RegEx characters to avoid conflict |
(?=.{8,}) | The string must be eight characters or longer |
Example
Here an example for a new passwordPattern with the following specifications:
- at least ten characters
- at least one special character (!"§$%&/()?#+_)
- at least one number (0-9)
- at least one upper-case character
"^(?=.*[A-Z])(?=.*[!@#\\$%\\^&])(?=.*[0-9]).{10,}$"