Fix missing password length check when change password (#3039)

* fix missing password length check when change password * add tests for change password
author: Lunny Xiao <xiaolunwen@gmail.com> 2017-12-03 01:11:22 +0800
committer: Lauris BH <lauris@nix.lv> 2017-12-02 19:11:22 +0200
commit: b3d5ba6f9013052dfe51fb03ce3e2088d7da3be5 (patch)
tree: 34cd44d43157a054844b343075c4a5744cc0f7c5 /routers/user/setting.go
parent: 35cc5b0402d46d672e02bbe1ad15d1460077e8f4 (diff)
download: gitea-b3d5ba6f9013052dfe51fb03ce3e2088d7da3be5.tar.gz
gitea-b3d5ba6f9013052dfe51fb03ce3e2088d7da3be5.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/routers/user/setting.go b/routers/user/setting.go
index bd2c923b70..a2f32e3e19 100644
--- a/routers/user/setting.go
+++ b/routers/user/setting.go
@@ -222,7 +222,9 @@ func SettingsSecurityPost(ctx *context.Context, form auth.ChangePasswordForm) {
 		return
 	}
 
-	if ctx.User.IsPasswordSet() && !ctx.User.ValidatePassword(form.OldPassword) {
+	if len(form.Password) < setting.MinPasswordLength {
+		ctx.Flash.Error(ctx.Tr("auth.password_too_short", setting.MinPasswordLength))
+	} else if ctx.User.IsPasswordSet() && !ctx.User.ValidatePassword(form.OldPassword) {
 		ctx.Flash.Error(ctx.Tr("settings.password_incorrect"))
 	} else if form.Password != form.Retype {
 		ctx.Flash.Error(ctx.Tr("form.password_not_match"))
author	Lunny Xiao <xiaolunwen@gmail.com>	2017-12-03 01:11:22 +0800
committer	Lauris BH <lauris@nix.lv>	2017-12-02 19:11:22 +0200
commit	b3d5ba6f9013052dfe51fb03ce3e2088d7da3be5 (patch)
tree	34cd44d43157a054844b343075c4a5744cc0f7c5 /routers/user/setting.go
parent	35cc5b0402d46d672e02bbe1ad15d1460077e8f4 (diff)
download	gitea-b3d5ba6f9013052dfe51fb03ce3e2088d7da3be5.tar.gz gitea-b3d5ba6f9013052dfe51fb03ce3e2088d7da3be5.zip