Home Explore Help
Register Sign In
Apq
/
sftpgo
mirror of https://github.com/drakkan/sftpgo.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

ensure to always validate password strength

Signed-off-by: Nicola Murino <[email protected]>
Nicola Murino 2 years ago
parent
9ba468698b
commit
af4f54bf11
1 changed files with 5 additions and 0 deletions
Unified View Show Diff Stats
  1. 5 0
      internal/dataprovider/dataprovider.go

+ 5 - 0
internal/dataprovider/dataprovider.go
View File 

@@ -1882,6 +1882,11 @@ func AddUser(user *User, executor, ipAddress string) error {
 
 
 
 // UpdateUserPassword updates the user password
 
 // UpdateUserPassword updates the user password
 
 func UpdateUserPassword(username, plainPwd, executor, ipAddress string) error {
 
 func UpdateUserPassword(username, plainPwd, executor, ipAddress string) error {
 
+	if config.PasswordValidation.Users.MinEntropy > 0 {
 
+		if err := passwordvalidator.Validate(plainPwd, config.PasswordValidation.Users.MinEntropy); err != nil {
 
+			return util.NewValidationError(err.Error())
 
+		}
 
+	}
 
 	hashedPwd, err := hashPlainPassword(plainPwd)
 
 	hashedPwd, err := hashPlainPassword(plainPwd)
 
 	if err != nil {
 
 	if err != nil {
 
 		return util.NewGenericError(fmt.Sprintf("unable to set the new password: %v", err))
 
 		return util.NewGenericError(fmt.Sprintf("unable to set the new password: %v", err))