mirror of
				https://github.com/go-gitea/gitea.git
				synced 2025-10-27 00:23:41 +09:00 
			
		
		
		
	Ensure complexity, minlength and ispwned are checked on password setting (#18005)
It appears that there are several places that password length, complexity and ispwned are not currently been checked when changing passwords. This PR adds these. Fix #17977 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
		| @@ -379,6 +379,10 @@ func runChangePassword(c *cli.Context) error { | ||||
| 	if err := initDB(ctx); err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| 	if len(c.String("password")) < setting.MinPasswordLength { | ||||
| 		return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength) | ||||
| 	} | ||||
|  | ||||
| 	if !pwd.IsComplexEnough(c.String("password")) { | ||||
| 		return errors.New("Password does not meet complexity requirements") | ||||
| 	} | ||||
|   | ||||
		Reference in New Issue
	
	Block a user