fix: add configurable minimum password length (#5225)

2026-01-23 02:35:10 +00:00 · 2025-06-28 10:07:34 +02:00 · 2025-06-28 10:07:34 +02:00 · 464b644adf
commit 464b644adf
parent 089255997a
21 changed files with 122 additions and 77 deletions
--- a/cmd/config.go
+++ b/cmd/config.go
@ -32,6 +32,7 @@ func addConfigFlags(flags *pflag.FlagSet) {
 	addUserFlags(flags)
 	flags.BoolP("signup", "s", false, "allow users to signup")
 	flags.Bool("create-user-dir", false, "generate user's home directory automatically")
+	flags.Uint("minimum-password-length", settings.DefaultMinimumPasswordLength, "minimum password length for new users")
 	flags.String("shell", "", "shell command to which other commands should be appended")

 	flags.String("auth.method", string(auth.MethodJSONAuth), "authentication type")
@ -144,6 +145,7 @@ func printSettings(ser *settings.Server, set *settings.Settings, auther auth.Aut

 	fmt.Fprintf(w, "Sign up:\t%t\n", set.Signup)
 	fmt.Fprintf(w, "Create User Dir:\t%t\n", set.CreateUserDir)
+	fmt.Fprintf(w, "Minimum Password Length:\t%d\n", set.MinimumPasswordLength)
 	fmt.Fprintf(w, "Auth method:\t%s\n", set.AuthMethod)
 	fmt.Fprintf(w, "Shell:\t%s\t\n", strings.Join(set.Shell, " "))
 	fmt.Fprintln(w, "\nBranding:")
--- a/cmd/config_init.go
+++ b/cmd/config_init.go
@ -29,12 +29,13 @@ override the options.`,
 		authMethod, auther := getAuthentication(flags)

 		s := &settings.Settings{
-			Key:           generateKey(),
-			Signup:        mustGetBool(flags, "signup"),
-			CreateUserDir: mustGetBool(flags, "create-user-dir"),
-			Shell:         convertCmdStrToCmdArray(mustGetString(flags, "shell")),
-			AuthMethod:    authMethod,
-			Defaults:      defaults,
+			Key:                   generateKey(),
+			Signup:                mustGetBool(flags, "signup"),
+			CreateUserDir:         mustGetBool(flags, "create-user-dir"),
+			MinimumPasswordLength: mustGetUint(flags, "minimum-password-length"),
+			Shell:                 convertCmdStrToCmdArray(mustGetString(flags, "shell")),
+			AuthMethod:            authMethod,
+			Defaults:              defaults,
 			Branding: settings.Branding{
 				Name:                  mustGetString(flags, "branding.name"),
 				DisableExternal:       mustGetBool(flags, "branding.disableExternal"),
--- a/cmd/config_set.go
+++ b/cmd/config_set.go
@ -51,6 +51,8 @@ you want to change. Other options will remain unchanged.`,
 				set.Shell = convertCmdStrToCmdArray(mustGetString(flags, flag.Name))
 			case "create-user-dir":
 				set.CreateUserDir = mustGetBool(flags, flag.Name)
+			case "minimum-password-length":
+				set.MinimumPasswordLength = mustGetUint(flags, flag.Name)
 			case "branding.name":
 				set.Branding.Name = mustGetString(flags, flag.Name)
 			case "branding.color":
--- a/cmd/root.go
+++ b/cmd/root.go
@ -365,10 +365,11 @@ func setupLog(logMethod string) {

 func quickSetup(flags *pflag.FlagSet, d pythonData) {
 	set := &settings.Settings{
-		Key:              generateKey(),
-		Signup:           false,
-		CreateUserDir:    false,
-		UserHomeBasePath: settings.DefaultUsersHomeBasePath,
+		Key:                   generateKey(),
+		Signup:                false,
+		CreateUserDir:         false,
+		MinimumPasswordLength: settings.DefaultMinimumPasswordLength,
+		UserHomeBasePath:      settings.DefaultUsersHomeBasePath,
 		Defaults: settings.UserDefaults{
 			Scope:       ".",
 			Locale:      "en",
@ -426,12 +427,12 @@ func quickSetup(flags *pflag.FlagSet, d pythonData) {

 	if password == "" {
 		var pwd string
-		pwd, err = users.RandomPwd()
+		pwd, err = users.RandomPwd(set.MinimumPasswordLength)
 		checkErr(err)

 		log.Println("Randomly generated password for user 'admin':", pwd)

-		password, err = users.HashPwd(pwd)
+		password, err = users.HashAndValidatePwd(pwd, set.MinimumPasswordLength)
 		checkErr(err)
 	}

--- a/cmd/users_add.go
+++ b/cmd/users_add.go
@ -21,7 +21,7 @@ var usersAddCmd = &cobra.Command{
 		checkErr(err)
 		getUserDefaults(cmd.Flags(), &s.Defaults, false)

-		password, err := users.HashPwd(args[1])
+		password, err := users.HashAndValidatePwd(args[1], s.MinimumPasswordLength)
 		checkErr(err)

 		user := &users.User{
--- a/cmd/users_update.go
+++ b/cmd/users_update.go
@ -27,8 +27,10 @@ options you want to change.`,
 		password := mustGetString(flags, "password")
 		newUsername := mustGetString(flags, "username")

+		s, err := d.store.Settings.Get()
+		checkErr(err)
+
 		var (
-			err  error
 			user *users.User
 		)

@ -64,7 +66,7 @@ options you want to change.`,
 		}

 		if password != "" {
-			user.Password, err = users.HashPwd(password)
+			user.Password, err = users.HashAndValidatePwd(password, s.MinimumPasswordLength)
 			checkErr(err)
 		}