From d29b689f813ee83a4ec3526fbad7fb76a6958cc0 Mon Sep 17 00:00:00 2001
From: zeripath
Date: Fri, 17 Dec 2021 02:03:39 +0000
Subject: Ensure complexity, minlength and ispwned are checked on password setting (#18005)
It appears that there are several places that password length, complexity and ispwned are not currently been checked when changing passwords. This PR adds these. Fix #17977
Signed-off-by: Andrew Thornton
Co-authored-by: wxiaoguang
---
 cmd/admin.go | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'cmd')
diff --git a/cmd/admin.go b/cmd/admin.go
index 65a0bfb7bf..099803fbf5 100644
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -379,6 +379,10 @@ func runChangePassword(c *cli.Context) error {
 if err := initDB(ctx); err != nil {
 return err
 }
+ if len(c.String("password")) < setting.MinPasswordLength {
+ return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
+ }
+
 if !pwd.IsComplexEnough(c.String("password")) {
 return errors.New("Password does not meet complexity requirements")
 }
--
cgit v1.2.3
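Review bot: The added length check in runChangePassword uses `len(c.String("password"))`, which counts UTF-8 bytes rather than characters, so a password made of multi-byte characters can satisfy `setting.MinPasswordLength` with fewer characters than the policy presumably intends. If the minimum is meant in characters, the guard would read `if utf8.RuneCountInString(c.String("password")) < setting.MinPasswordLength {`, which needs `unicode/utf8` in the file's import block (not visible in this hunk). Whichever unit is chosen should match the other password-setting paths this commit touches, which are outside this view, so that the CLI and the other entry points enforce the same minimum. The error text could also name the unit, e.g. `"Needs to be at least %d characters"`. The function body starts and continues outside the hunk.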