Commit 36bef2ee authored by Dominik Murzynowski's avatar Dominik Murzynowski Committed by Joshua Tauberer

Change password min-length to 8 characters (#1098)

parent f6b20a81
...@@ -599,8 +599,8 @@ def validate_password(pw): ...@@ -599,8 +599,8 @@ def validate_password(pw):
raise ValueError("No password provided.") raise ValueError("No password provided.")
if re.search(r"[\s]", pw): if re.search(r"[\s]", pw):
raise ValueError("Passwords cannot contain spaces.") raise ValueError("Passwords cannot contain spaces.")
if len(pw) < 4: if len(pw) < 8:
raise ValueError("Passwords must be at least four characters.") raise ValueError("Passwords must be at least eight characters.")
if __name__ == "__main__": if __name__ == "__main__":
......
...@@ -31,7 +31,7 @@ ...@@ -31,7 +31,7 @@
<button type="submit" class="btn btn-primary">Add User</button> <button type="submit" class="btn btn-primary">Add User</button>
</form> </form>
<ul style="margin-top: 1em; padding-left: 1.5em; font-size: 90%;"> <ul style="margin-top: 1em; padding-left: 1.5em; font-size: 90%;">
<li>Passwords must be at least four characters and may not contain spaces. For best results, <a href="#" onclick="return generate_random_password()">generate a random password</a>.</li> <li>Passwords must be at least eight characters and may not contain spaces. For best results, <a href="#" onclick="return generate_random_password()">generate a random password</a>.</li>
<li>Use <a href="#" onclick="return show_panel('aliases')">aliases</a> to create email addresses that forward to existing accounts.</li> <li>Use <a href="#" onclick="return show_panel('aliases')">aliases</a> to create email addresses that forward to existing accounts.</li>
<li>Administrators get access to this control panel.</li> <li>Administrators get access to this control panel.</li>
<li>User accounts cannot contain any international (non-ASCII) characters, but <a href="#" onclick="return show_panel('aliases');">aliases</a> can.</li> <li>User accounts cannot contain any international (non-ASCII) characters, but <a href="#" onclick="return show_panel('aliases');">aliases</a> can.</li>
...@@ -296,7 +296,7 @@ function mod_priv(elem, add_remove) { ...@@ -296,7 +296,7 @@ function mod_priv(elem, add_remove) {
function generate_random_password() { function generate_random_password() {
var pw = ""; var pw = "";
var charset = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789"; // confusable characters skipped var charset = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789"; // confusable characters skipped
for (var i = 0; i < 10; i++) for (var i = 0; i < 12; i++)
pw += charset.charAt(Math.floor(Math.random() * charset.length)); pw += charset.charAt(Math.floor(Math.random() * charset.length));
show_modal_error("Random Password", "<p>Here, try this:</p> <p><code style='font-size: 110%'>" + pw + "</code></pr"); show_modal_error("Random Password", "<p>Here, try this:</p> <p><code style='font-size: 110%'>" + pw + "</code></pr");
return false; // cancel click return false; // cancel click
......
...@@ -185,7 +185,7 @@ cp ${RCM_PLUGIN_DIR}/password/config.inc.php.dist \ ...@@ -185,7 +185,7 @@ cp ${RCM_PLUGIN_DIR}/password/config.inc.php.dist \
${RCM_PLUGIN_DIR}/password/config.inc.php ${RCM_PLUGIN_DIR}/password/config.inc.php
tools/editconf.py ${RCM_PLUGIN_DIR}/password/config.inc.php \ tools/editconf.py ${RCM_PLUGIN_DIR}/password/config.inc.php \
"\$config['password_minimum_length']=4;" \ "\$config['password_minimum_length']=8;" \
"\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \ "\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \
"\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \ "\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \
"\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \ "\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \
......
...@@ -30,8 +30,8 @@ def mgmt(cmd, data=None, is_json=False): ...@@ -30,8 +30,8 @@ def mgmt(cmd, data=None, is_json=False):
def read_password(): def read_password():
while True: while True:
first = getpass.getpass('password: ') first = getpass.getpass('password: ')
if len(first) < 4: if len(first) < 8:
print("Passwords must be at least four characters.") print("Passwords must be at least eight characters.")
continue continue
if re.search(r'[\s]', first): if re.search(r'[\s]', first):
print("Passwords cannot contain spaces.") print("Passwords cannot contain spaces.")
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment