Update minimum password length requirements (#25946)

techknowlogick · web-flow · commit b3f713717407 · 2023-08-21T19:27:50.000Z
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
@@ -454,7 +454,7 @@ INTERNAL_TOKEN=
 ;REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
 ;;
 ;; The minimum password length for new Users
-;MIN_PASSWORD_LENGTH = 6
+;MIN_PASSWORD_LENGTH = 8
 ;;
 ;; Set to true to allow users to import local server paths
 ;IMPORT_LOCAL_PATHS = false
diff --git a/docs/content/administration/config-cheat-sheet.en-us.md b/docs/content/administration/config-cheat-sheet.en-us.md
@@ -559,7 +559,7 @@ And the following unique queues:
     - `scrypt`:    `scrypt$65536$16$2$50`
   - Adjusting the algorithm parameters using this functionality is done at your own risk.
 - `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
-- `MIN_PASSWORD_LENGTH`: **6**: Minimum password length for new users.
+- `MIN_PASSWORD_LENGTH`: **8**: Minimum password length for new users.
 - `PASSWORD_COMPLEXITY`: **off**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off):
   - lower - use one or more lower latin characters
   - upper - use one or more upper latin characters
diff --git a/modules/setting/security.go b/modules/setting/security.go
@@ -124,7 +124,7 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
 		ReverseProxyTrustedProxies = []string{"127.0.0.0/8", "::1/128"}
 	}
 
-	MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
+	MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(8)
 	ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
 	DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(true)
 	DisableWebhooks = sec.Key("DISABLE_WEBHOOKS").MustBool(false)
diff --git a/tests/e2e/example.test.e2e.js b/tests/e2e/example.test.e2e.js
@@ -18,8 +18,8 @@ test('Test Register Form', async ({page}, workerInfo) => {
   await expect(response?.status()).toBe(200); // Status OK
   await page.type('input[name=user_name]', `e2e-test-${workerInfo.workerIndex}`);
   await page.type('input[name=email]', `e2e-test-${workerInfo.workerIndex}@test.com`);
-  await page.type('input[name=password]', 'test123');
-  await page.type('input[name=retype]', 'test123');
+  await page.type('input[name=password]', 'test123test123');
+  await page.type('input[name=retype]', 'test123test123');
   await page.click('form button.ui.green.button:visible');
   // Make sure we routed to the home page. Else login failed.
   await expect(page.url()).toBe(`${workerInfo.project.use.baseURL}/`);

Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,7 @@ func loadSecurityFrom(rootCfg ConfigProvider) {`
`124`	`124`	`ReverseProxyTrustedProxies = []string{"127.0.0.0/8", "::1/128"}`
`125`	`125`	`}`
`126`	`126`
`127`		`- MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)`
	`127`	`+ MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(8)`
`128`	`128`	`ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)`
`129`	`129`	`DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(true)`
`130`	`130`	`DisableWebhooks = sec.Key("DISABLE_WEBHOOKS").MustBool(false)`