From b3f713717407fcb66515a7a702e81b2028800f76 Mon Sep 17 00:00:00 2001
From: techknowlogick
Date: Mon, 21 Aug 2023 15:27:50 -0400
Subject: [PATCH] Update minimum password length requirements (#25946)
---
 custom/conf/app.example.ini | 2 +-
 docs/content/administration/config-cheat-sheet.en-us.md | 2 +-
 modules/setting/security.go | 2 +-
 tests/e2e/example.test.e2e.js | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index daf024009..a3d24b196 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -454,7 +454,7 @@ INTERNAL_TOKEN=
 ;REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
 ;;
 ;; The minimum password length for new Users
-;MIN_PASSWORD_LENGTH = 6
+;MIN_PASSWORD_LENGTH = 8
 ;;
 ;; Set to true to allow users to import local server paths
 ;IMPORT_LOCAL_PATHS = false
diff --git a/docs/content/administration/config-cheat-sheet.en-us.md b/docs/content/administration/config-cheat-sheet.en-us.md
index 71ae4f2e3..968b47c23 100644
--- a/docs/content/administration/config-cheat-sheet.en-us.md
+++ b/docs/content/administration/config-cheat-sheet.en-us.md
@@ -559,7 +559,7 @@ And the following unique queues:
 - `scrypt`: `scrypt$65536$16$2$50`
 - Adjusting the algorithm parameters using this functionality is done at your own risk.
 - `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
-- `MIN_PASSWORD_LENGTH`: **6**: Minimum password length for new users.
+- `MIN_PASSWORD_LENGTH`: **8**: Minimum password length for new users.
 - `PASSWORD_COMPLEXITY`: **off**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off):
 - lower - use one or more lower latin characters
 - upper - use one or more upper latin characters
diff --git a/modules/setting/security.go b/modules/setting/security.go
index 7064d7a00..90f614d4c 100644
--- a/modules/setting/security.go
+++ b/modules/setting/security.go
@@ -124,7 +124,7 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
 ReverseProxyTrustedProxies = []string{"127.0.0.0/8", "::1/128"}
 }
- MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
+ MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(8)
 ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
 DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(true)
 DisableWebhooks = sec.Key("DISABLE_WEBHOOKS").MustBool(false)
diff --git a/tests/e2e/example.test.e2e.js b/tests/e2e/example.test.e2e.js
index 5e45bad24..870c28cc7 100644
--- a/tests/e2e/example.test.e2e.js
+++ b/tests/e2e/example.test.e2e.js
@@ -18,8 +18,8 @@ test('Test Register Form', async ({page}, workerInfo) => {
 await expect(response?.status()).toBe(200); // Status OK
 await page.type('input[name=user_name]', `e2e-test-${workerInfo.workerIndex}`);
 await page.type('input[name=email]', `e2e-test-${workerInfo.workerIndex}@test.com`);
- await page.type('input[name=password]', 'test123');
- await page.type('input[name=retype]', 'test123');
+ await page.type('input[name=password]', 'test123test123');
+ await page.type('input[name=retype]', 'test123test123');
 await page.click('form button.ui.green.button:visible');
 // Make sure we routed to the home page. Else login failed.
 await expect(page.url()).toBe(`${workerInfo.project.use.baseURL}/`);
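Review bot: In modules/setting/security.go the `MinPasswordLength` line raises only the fallback, and as far as the hunk shows the loaded value is never checked against a floor. `MustInt(8)` appears to take whatever integer is configured, so an instance whose app.ini already sets `MIN_PASSWORD_LENGTH = 6` (or 0) keeps the weaker policy silently after upgrading. I would document that above the assignment, `// Default 8 (NIST SP 800-63B minimum); an explicit lower value in app.ini still overrides it.`, and consider logging a warning when the loaded value is below 8. `loadSecurityFrom` begins and ends outside this hunk, so any validation done later in the function is not visible here.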
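Review bot: The register test in tests/e2e/example.test.e2e.js still exercises only the accepting path, so it does not pin the new minimum: `'test123test123'` is 14 characters and would keep passing if the server default went back to 6. A companion case that submits a 7-character password and expects the browser not to land on the home page would catch that regression. At minimum I would add a comment next to the password lines, `// 14 chars: must stay >= MIN_PASSWORD_LENGTH (default 8)`, so the coupling to the server setting is explicit. The test callback opens before this hunk and closes after it.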