diff options
| author | zeripath <art27@cantab.net> | 2021-12-17 02:03:39 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-17 10:03:39 +0800 |
| commit | d29b689f813ee83a4ec3526fbad7fb76a6958cc0 (patch) | |
| tree | 79283195a316f021c0831d7b24834e2052a597d8 /cmd | |
| parent | dab28c7049bdcf0da2b5c907e610c6a502fa37ac (diff) | |
| download | gitea-d29b689f813ee83a4ec3526fbad7fb76a6958cc0.tar.gz gitea-d29b689f813ee83a4ec3526fbad7fb76a6958cc0.zip | |
Ensure complexity, minlength and ispwned are checked on password setting (#18005)
It appears that there are several places that password length, complexity and ispwned
are not currently been checked when changing passwords. This PR adds these.
Fix #17977
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/admin.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/cmd/admin.go b/cmd/admin.go index 65a0bfb7bf..099803fbf5 100644 --- a/cmd/admin.go +++ b/cmd/admin.go @@ -379,6 +379,10 @@ func runChangePassword(c *cli.Context) error { if err := initDB(ctx); err != nil { return err } + if len(c.String("password")) < setting.MinPasswordLength { + return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength) + } + if !pwd.IsComplexEnough(c.String("password")) { return errors.New("Password does not meet complexity requirements") } |