Fix password checks on admin create/edit user (#9076)

author guillep2k <18600385+guillep2k@users.noreply.github.com>

Wed, 20 Nov 2019 00:07:51 +0000 (21:07 -0300)

committer zeripath <art27@cantab.net>

Wed, 20 Nov 2019 00:07:51 +0000 (00:07 +0000)
author guillep2k <18600385+guillep2k@users.noreply.github.com>
Wed, 20 Nov 2019 00:07:51 +0000 (21:07 -0300)
committer zeripath <art27@cantab.net>
Wed, 20 Nov 2019 00:07:51 +0000 (00:07 +0000)
diff --git a/routers/admin/users.go b/routers/admin/users.go

index 7626fbc0d0919708d24e6689d874830b3633b4af..b5c7dbd38346ba2c177ad98456e2f58b1716c1fe 100644 (file)
--- a/routers/admin/users.go
+++ b/routers/admin/users.go
@@ -94,8 +94,14 @@ func NewUserPost(ctx *context.Context, form auth.AdminCreateUserForm) {
                         u.LoginName = form.LoginName
                 }
         }
-       if u.LoginType == models.LoginPlain {
+       if u.LoginType == models.LoginNoType || u.LoginType == models.LoginPlain {
+               if len(form.Password) < setting.MinPasswordLength {
+                       ctx.Data["Err_Password"] = true
+                       ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplUserNew, &form)
+                       return
+               }
                 if !password.IsComplexEnough(form.Password) {
+                       ctx.Data["Err_Password"] = true
                         ctx.RenderWithErr(password.BuildComplexityError(ctx), tplUserNew, &form)
                         return
                 }
@@ -203,14 +209,19 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
  
         if len(form.Password) > 0 {
                 var err error
-               if u.Salt, err = models.GetUserSalt(); err != nil {
-                       ctx.ServerError("UpdateUser", err)
+               if len(form.Password) < setting.MinPasswordLength {
+                       ctx.Data["Err_Password"] = true
+                       ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplUserEdit, &form)
                         return
                 }
                 if !password.IsComplexEnough(form.Password) {
                         ctx.RenderWithErr(password.BuildComplexityError(ctx), tplUserEdit, &form)
                         return
                 }
+               if u.Salt, err = models.GetUserSalt(); err != nil {
+                       ctx.ServerError("UpdateUser", err)
+                       return
+               }
                 u.HashPassword(form.Password)
         }
author	guillep2k <18600385+guillep2k@users.noreply.github.com>
	Wed, 20 Nov 2019 00:07:51 +0000 (21:07 -0300)
committer	zeripath <art27@cantab.net>
	Wed, 20 Nov 2019 00:07:51 +0000 (00:07 +0000)