Backport #18005 It appears that there are several places that password length, complexity and ispwned are not currently been checked when changing passwords. This PR adds these. Fix #17977 Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath
GitHub
parent
3ae4c4898b
commit
2051f850ef
3 changed files with 25 additions and 1 deletions
|
|
@ -335,6 +335,10 @@ func runChangePassword(c *cli.Context) error {
|
|||
if err := initDB(); err != nil {
|
||||
return err
|
||||
}
|
||||
if len(c.String("password")) < setting.MinPasswordLength {
|
||||
return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
|
||||
}
|
||||
|
||||
if !pwd.IsComplexEnough(c.String("password")) {
|
||||
return errors.New("Password does not meet complexity requirements")
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue