go-gitea · lunny · Dec 24, 2016 · Nov 23, 2016 · Dec 24, 2016 · tboerger
diff --git a/conf/app.ini b/conf/app.ini
@@ -168,6 +168,8 @@ COOKIE_USERNAME = gitea_awesome
 COOKIE_REMEMBER_NAME = gitea_incredible
 ; Reverse proxy authentication header name of user name
 REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
+; Sets the minimum password length for new Users
+MIN_PASSWORD_LENGTH = 6
 
 [service]
 ACTIVE_CODE_LIVE_MINUTES = 180

diff --git a/modules/setting/setting.go b/modules/setting/setting.go
@@ -96,6 +96,7 @@ var (
 CookieUserName string
 CookieRememberName string
 ReverseProxyAuthUser string
+MinPasswordLength int
 
 // Database settings
 UseSQLite3 bool
@@ -589,6 +590,11 @@ please consider changing to GITEA_CUSTOM`)
 CookieUserName = sec.Key("COOKIE_USERNAME").MustString("gitea_awesome")
 CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").MustString("gitea_incredible")
 ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
+MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt()
+
+if MinPasswordLength == 0 {
+MinPasswordLength = 6
+}
 
 sec = Cfg.Section("attachment")
 AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
@@ -165,7 +165,7 @@ send_reset_mail = Click here to (re)send your password reset email
 reset_password = Reset Your Password
 invalid_code = Sorry, your confirmation code has expired or not valid.
 reset_password_helper = Click here to reset your password
-password_too_short = Password length cannot be less then 6.
+password_too_short = Password length cannot be less then %d.
 non_local_account = Non-local accounts cannot change passwords through Gitea.
 
 [mail]

diff --git a/routers/user/auth.go b/routers/user/auth.go
@@ -203,6 +203,11 @@ func SignUpPost(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterFo
 ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplSignUp, &form)
 return
 }
+if len(form.Password) < setting.MinPasswordLength {
+ctx.Data["Err_Password"] = true
+ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplSignUp, &form)
+return
+}
 
 u := &models.User{
 Name: form.UserName,
@@ -410,7 +415,7 @@ func ResetPasswd(ctx *context.Context) {
 ctx.HTML(200, tplResetPassword)
 }
 
-// ResetPasswdPost response fro reset password request
+// ResetPasswdPost response from reset password request
 func ResetPasswdPost(ctx *context.Context) {
 ctx.Data["Title"] = ctx.Tr("auth.reset_password")
 
@@ -424,10 +429,10 @@ func ResetPasswdPost(ctx *context.Context) {
 if u := models.VerifyUserActiveCode(code); u != nil {
 // Validate password length.
 passwd := ctx.Query("password")
-if len(passwd) < 6 {
+if len(passwd) < setting.MinPasswordLength {
 ctx.Data["IsResetForm"] = true
 ctx.Data["Err_Password"] = true
-ctx.RenderWithErr(ctx.Tr("auth.password_too_short"), tplResetPassword, nil)
+ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplResetPassword, nil)
 return
 }