Added minimum password length to app.ini (#223)

2025-10-31 07:21:36 +01:00 · 2016-12-24 14:40:44 +01:00 · 2016-12-24 14:40:44 +01:00 · f27d87d93b
commit f27d87d93b
parent d0932ef147
4 changed files with 17 additions and 4 deletions
--- a/conf/app.ini
+++ b/conf/app.ini
@ -168,6 +168,8 @@ COOKIE_USERNAME = gitea_awesome
 COOKIE_REMEMBER_NAME = gitea_incredible
 ; Reverse proxy authentication header name of user name
 REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
+; Sets the minimum password length for new Users
+MIN_PASSWORD_LENGTH = 6

 [service]
 ACTIVE_CODE_LIVE_MINUTES = 180
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@ -96,6 +96,7 @@ var (
 	CookieUserName       string
 	CookieRememberName   string
 	ReverseProxyAuthUser string
+	MinPasswordLength    int

 	// Database settings
 	UseSQLite3    bool
@ -589,6 +590,11 @@ please consider changing to GITEA_CUSTOM`)
 	CookieUserName = sec.Key("COOKIE_USERNAME").MustString("gitea_awesome")
 	CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").MustString("gitea_incredible")
 	ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
+	MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt()
+
+	if MinPasswordLength == 0 {
+		MinPasswordLength = 6
+	}

 	sec = Cfg.Section("attachment")
 	AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@ -165,7 +165,7 @@ send_reset_mail = Click here to (re)send your password reset email
 reset_password = Reset Your Password
 invalid_code = Sorry, your confirmation code has expired or not valid.
 reset_password_helper = Click here to reset your password
-password_too_short = Password length cannot be less then 6.
+password_too_short = Password length cannot be less then %d.
 non_local_account = Non-local accounts cannot change passwords through Gitea.

 [mail]
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@ -203,6 +203,11 @@ func SignUpPost(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterFo
 		ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplSignUp, &form)
 		return
 	}
+	if len(form.Password) < setting.MinPasswordLength {
+		ctx.Data["Err_Password"] = true
+		ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplSignUp, &form)
+		return
+	}

 	u := &models.User{
 		Name:     form.UserName,
@ -410,7 +415,7 @@ func ResetPasswd(ctx *context.Context) {
 	ctx.HTML(200, tplResetPassword)
 }

-// ResetPasswdPost response fro reset password request
+// ResetPasswdPost response from reset password request
 func ResetPasswdPost(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("auth.reset_password")

@ -424,10 +429,10 @@ func ResetPasswdPost(ctx *context.Context) {
 	if u := models.VerifyUserActiveCode(code); u != nil {
 		// Validate password length.
 		passwd := ctx.Query("password")
-		if len(passwd) < 6 {
+		if len(passwd) < setting.MinPasswordLength {
 			ctx.Data["IsResetForm"] = true
 			ctx.Data["Err_Password"] = true
-			ctx.RenderWithErr(ctx.Tr("auth.password_too_short"), tplResetPassword, nil)
+			ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplResetPassword, nil)
 			return
 		}