From d7880af0bb38c1eb19f2b509f807b48f47934a7d Mon Sep 17 00:00:00 2001
From: Neil Lalonde
Date: Tue, 7 Nov 2017 16:14:47 -0500
Subject: [PATCH] FIX: change password form validation should instruct admins to use min password length for admin accounts
---
 .../discourse/controllers/password-reset.js.es6 | 1 +
 .../discourse/mixins/password-validation.js.es6 | 13 ++++++-------
 app/controllers/users_controller.rb | 10 +++++++---
 spec/controllers/users_controller_spec.rb | 2 +-
 4 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/app/assets/javascripts/discourse/controllers/password-reset.js.es6 b/app/assets/javascripts/discourse/controllers/password-reset.js.es6
index e7694a23012..91c62436d6a 100644
--- a/app/assets/javascripts/discourse/controllers/password-reset.js.es6
+++ b/app/assets/javascripts/discourse/controllers/password-reset.js.es6
@@ -7,6 +7,7 @@ import { userPath } from 'discourse/lib/url';
 export default Ember.Controller.extend(PasswordValidation, {
 isDeveloper: Ember.computed.alias('model.is_developer'),
+ admin: Ember.computed.alias('model.admin'),
 passwordRequired: true,
 errorMessage: null,
 successMessage: null,
diff --git a/app/assets/javascripts/discourse/mixins/password-validation.js.es6 b/app/assets/javascripts/discourse/mixins/password-validation.js.es6
index 7e9caf62dcc..b65272e03fc 100644
--- a/app/assets/javascripts/discourse/mixins/password-validation.js.es6
+++ b/app/assets/javascripts/discourse/mixins/password-validation.js.es6
@@ -16,13 +16,13 @@ export default Ember.Mixin.create({
 return I18n.t('user.password.instructions', {count: this.get('passwordMinLength')});
 },
- @computed('isDeveloper')
- passwordMinLength() {
- return this.get('isDeveloper') ? this.siteSettings.min_admin_password_length : this.siteSettings.min_password_length;
+ @computed('isDeveloper', 'admin')
+ passwordMinLength(isDeveloper, admin) {
+ return (isDeveloper || admin) ? this.siteSettings.min_admin_password_length : this.siteSettings.min_password_length;
 },
- @computed('accountPassword', 'passwordRequired', 'rejectedPasswords.[]', 'accountUsername', 'accountEmail', 'isDeveloper')
- passwordValidation(password, passwordRequired, rejectedPasswords, accountUsername, accountEmail, isDeveloper) {
+ @computed('accountPassword', 'passwordRequired', 'rejectedPasswords.[]', 'accountUsername', 'accountEmail', 'passwordMinLength')
+ passwordValidation(password, passwordRequired, rejectedPasswords, accountUsername, accountEmail, passwordMinLength) {
 if (!passwordRequired) {
 return InputValidation.create({ ok: true });
 }
@@ -40,8 +40,7 @@ export default Ember.Mixin.create({
 }
 // If too short
- const passwordLength = isDeveloper ? this.siteSettings.min_admin_password_length : this.siteSettings.min_password_length;
- if (password.length < passwordLength) {
+ if (password.length < passwordMinLength) {
 return InputValidation.create({
 failed: true,
 reason: I18n.t('user.password.too_short')
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index ad304f72a63..a8bea72d5f8 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
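Review bot: The instructions text may not pick up the admin minimum: the first context line of the -16,13 hunk reads `this.get('passwordMinLength')` inside a computed property whose decorator sits just above the hunk, and if that property is still keyed on `isDeveloper` alone it will stay cached when only `admin` changes. Keying it on the derived value, `@computed('passwordMinLength')`, would keep the hint in step with the `passwordValidation` check changed below. Separately, this length test runs in the browser from a flag in the response payload, so the server-side password validator has to remain the place where `min_admin_password_length` is enforced for admin accounts; that code is not part of this diff.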
@@ -465,7 +465,10 @@ class UsersController < ApplicationController
 if @error
 render layout: 'no_ember'
 else
- store_preloaded("password_reset", MultiJson.dump(is_developer: UsernameCheckerService.is_developer?(@user.email)))
+ store_preloaded(
+ "password_reset",
+ MultiJson.dump(is_developer: UsernameCheckerService.is_developer?(@user.email), admin: @user.admin?)
+ )
 end
 return redirect_to(wizard_path) if request.put? && Wizard.user_requires_completion?(@user)
 end
@@ -477,7 +480,8 @@ class UsersController < ApplicationController
 success: false,
 message: @error,
 errors: @user&.errors.to_hash,
- is_developer: UsernameCheckerService.is_developer?(@user.email)
+ is_developer: UsernameCheckerService.is_developer?(@user.email),
+ admin: @user.admin?
 }
 else
 render json: {
@@ -488,7 +492,7 @@ class UsersController < ApplicationController
 }
 end
 else
- render json: { is_developer: UsernameCheckerService.is_developer?(@user.email) }
+ render json: { is_developer: UsernameCheckerService.is_developer?(@user.email), admin: @user.admin? }
 end
 end
 end
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 03490e1b08f..8ade5e48a92 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -342,7 +342,7 @@ describe UsersController do
 )
 expect(response).to be_success
- expect(response.body).to include('{"is_developer":false}')
+ expect(response.body).to include('{"is_developer":false,"admin":false}')
 user.reload
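Review bot: The `is_developer`/`admin` pair is now assembled in three places in this controller: the `store_preloaded` call in the -465,7 hunk and the two `render json:` hashes in the hunks at -477 and -488. One response can therefore drift from the others the next time a flag is added. A private helper that returns the hash and is merged into each payload would keep them aligned. As a design option rather than a defect, the server could send the effective minimum length instead of role flags, since this page is reached through a reset token before login and the form only needs the number. The enclosing action starts and ends outside these hunks.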
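Review bot: `admin: @user.admin?` in the -477,7 hunk is not nil-safe, although the `errors:` line just above it uses `@user&.errors`, which suggests `@user` can be nil in this error branch. If that is so, the new line raises NoMethodError instead of returning the error JSON, as the existing `@user.email` call on the `is_developer:` line already would. Consider `admin: @user&.admin? || false` together with `UsernameCheckerService.is_developer?(@user&.email)`, or guard the branch on `@user` once. Whether `is_developer?` accepts nil is not visible here, and the branch condition itself lies outside the hunk.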