Enforce password length check on reset request (#51005)

3 years ago · 1f5f40b2da
parent 6ffac76520
commit 1f5f40b2da
1 changed files with 5 additions and 0 deletions
--- a/pkg/api/password.go
+++ b/pkg/api/password.go
@ -64,6 +64,11 @@ func (hs *HTTPServer) ResetPassword(c *models.ReqContext) response.Response {
 		return response.Error(400, "Passwords do not match", nil)
 	}

+	password := models.Password(form.NewPassword)
+	if password.IsWeak() {
+		return response.Error(400, "New password is too short", nil)
+	}
+
 	cmd := models.ChangeUserPasswordCommand{}
 	cmd.UserId = query.Result.Id
 	var err error