Aligned password length requirements

Updated all password validation to use central password defaults system while updating length requirements to now all match at 8 characters minimum. Some language text was technically correct (More than 7 characters) but this has been updated for clarity and to prompt other translations to be updated. Closes #2237
2025-07-28 17:02:04 +03:00 · 2021-12-18 16:31:48 +00:00
parent 04f37e21e2
commit bb9cd9d610
7 changed files with 44 additions and 41 deletions
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@ -13,6 +13,7 @@ use Illuminate\Foundation\Auth\RegistersUsers;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
+use Illuminate\Validation\Rules\Password;

 class RegisterController extends Controller
 {
@ -70,7 +71,7 @@ class RegisterController extends Controller
        return Validator::make($data, [
            'name'     => ['required', 'min:2', 'max:255'],
            'email'    => ['required', 'email', 'max:255', 'unique:users'],
-            'password' => ['required', 'min:8'],
+            'password' => ['required', Password::default()],
        ]);
    }

--- a/app/Http/Controllers/Auth/UserInviteController.php
+++ b/app/Http/Controllers/Auth/UserInviteController.php
@ -11,6 +11,7 @@ use Exception;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Redirector;
+use Illuminate\Validation\Rules\Password;

 class UserInviteController extends Controller
 {
@ -55,7 +56,7 @@ class UserInviteController extends Controller
    public function setPassword(Request $request, string $token)
    {
        $this->validate($request, [
-            'password' => ['required', 'min:8'],
+            'password' => ['required', Password::default()],
        ]);

        try {
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@ -13,6 +13,7 @@ use BookStack\Uploads\ImageRepo;
 use Exception;
 use Illuminate\Http\Request;
 use Illuminate\Support\Str;
+use Illuminate\Validation\Rules\Password;
 use Illuminate\Validation\ValidationException;

 class UserController extends Controller
@ -82,7 +83,7 @@ class UserController extends Controller
        $sendInvite = ($request->get('send_invite', 'false') === 'true');

        if ($authMethod === 'standard' && !$sendInvite) {
-            $validationRules['password'] = ['required', 'min:6'];
+            $validationRules['password'] = ['required', Password::default()];
            $validationRules['password-confirm'] = ['required', 'same:password'];
        } elseif ($authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'openid') {
            $validationRules['external_auth_id'] = ['required'];
@ -155,11 +156,11 @@ class UserController extends Controller
        $this->checkPermissionOrCurrentUser('users-manage', $id);

        $this->validate($request, [
-            'name'             => 'min:2',
+            'name'             => ['min:2'],
            'email'            => ['min:2', 'email', 'unique:users,email,' . $id],
-            'password'         => ['min:6', 'required_with:password_confirm'],
+            'password'         => ['required_with:password_confirm', Password::default()],
            'password-confirm' => ['same:password', 'required_with:password'],
-            'setting'          => 'array',
+            'setting'          => ['array'],
            'profile_image'    => array_merge(['nullable'], $this->getImageValidationRules()),
        ]);