Changing min pass length from 4 to 8 (fossasia#5599)

uds5501 · abhinavk96 · iamareebjamal · commit 5358ea96b717 · 2019-02-13T10:17:39.000+05:30
* Changing min pass length from 4 to 6

* Updating pass restriction from 6 to 8

- Adding password length checker in API

* Adding minimum length check in change-password


Co-authored-by: Abhinav Khare &lt;abhinav.khare31@gmail.com&gt;
diff --git a/app/api/auth.py b/app/api/auth.py
@@ -251,7 +251,9 @@ def change_password():
         return NotFoundError({'source': ''}, 'User Not Found').respond()
     else:
         if user.is_correct_password(old_password):
-
+            if len(new_password) < 8:
+                return BadRequestError({'source': ''},
+                                       'Password should have minimum 8 characters').respond()
             user.password = new_password
             save_to_db(user)
             send_email_with_action(user, PASSWORD_CHANGE,
diff --git a/app/api/users.py b/app/api/users.py
@@ -41,10 +41,14 @@ class UserList(ResourceList):
     def before_create_object(self, data, view_kwargs):
         """
         method to check if there is an existing user with same email which is received in data to create a new user
+        and if the password is at least 8 characters long
         :param data:
         :param view_kwargs:
         :return:
         """
+        if len(data['password']) < 8:
+            raise UnprocessableEntity({'source': '/data/attributes/password'},
+                                       'Password should be at least 8 characters long')
         if db.session.query(User.id).filter_by(email=data['email']).scalar() is not None:
             raise ConflictException({'pointer': '/data/attributes/email'}, "Email already exists")
 
diff --git a/create_db.py b/create_db.py
@@ -24,8 +24,8 @@ def create_default_user(email, password):
         ask_password = True
         while ask_password:
             password = getpass.getpass("Enter password for super_admin : ")
-            if len(password) < 4:
-                print('\nPassword should have minimum 4 characters')
+            if len(password) < 8:
+                print('\nPassword should have minimum 8 characters')
                 continue
             repassword = getpass.getpass("Enter your password again to confirm : ")
             if password != repassword:
