Incorporated review comments for #5705

2024-07-04 11:33:52 -05:00 · 2023-02-01 14:24:49 +05:30 · 2023-02-01 14:24:49 +05:30 · e247867abf
commit e247867abf
parent aa6c199e98
8 changed files with 19 additions and 7 deletions
--- a/docs/en_US/change_password_dialog.rst
+++ b/docs/en_US/change_password_dialog.rst
@ -13,6 +13,9 @@ Please consider the following guidelines when selecting a password:

 * Ensure that your password is an adequate length; 6 characters should be the
  absolute minimum number of characters in the password.
+* The minimum password length is set by default to six characters. This value 
+  can be changed by setting the *PASSWORD_LENGTH_MIN* option to desired length 
+  in pgAdmin configuration; see :ref:`config_py` for more information.
 * Ensure that your password is not open to dictionary attacks. Use a mixture of
  upper and lower case letters and numerics, and avoid words or names. Consider
  using the first letter from each word in a phrase that you will remember
--- a/docs/en_US/change_user_password.rst
+++ b/docs/en_US/change_user_password.rst
@ -13,6 +13,9 @@ Please consider the following guidelines when selecting a password:

 * Ensure that your password is an adequate length; 6 characters should be the
  absolute minimum number of characters in the password.
+* The minimum password length is set by default to six characters. This value 
+  can be changed by setting the *PASSWORD_LENGTH_MIN* option to desired length 
+  in pgAdmin configuration; see :ref:`config_py` for more information.
 * Ensure that your password is not open to dictionary attacks. Use a mixture of
  upper and lower case letters and numerics, and avoid words or names. Consider
  using the first letter from each word in a phrase that you will remember
--- a/web/config.py
+++ b/web/config.py
@ -193,7 +193,7 @@ ALLOWED_HOSTS = []
 SECURITY_PASSWORD_HASH = 'pbkdf2_sha512'

 # Minimum password length
-SECURITY_PASSWORD_LENGTH_MIN = 6
+PASSWORD_LENGTH_MIN = 6

 # Reverse Proxy parameters
 # You must tell the middleware how many proxies set each header
--- a/web/pgadmin/init.py
+++ b/web/pgadmin/init.py
@ -350,6 +350,7 @@ def create_app(app_name=None):
    app.config['SECURITY_MSG_USER_DOES_NOT_EXIST'] = \
        app.config['SECURITY_MSG_INVALID_PASSWORD'] = \
        (gettext("Incorrect username or password."), "error")
+    app.config['SECURITY_PASSWORD_LENGTH_MIN'] = config.PASSWORD_LENGTH_MIN

    # Create database connection object and mailer
    db.init_app(app)
--- a/web/pgadmin/browser/init.py
+++ b/web/pgadmin/browser/init.py
@ -627,7 +627,8 @@ def utils():
            login_url=login_url,
            username=current_user.username,
            auth_source=auth_source,
-            heartbeat_timeout=config.SERVER_HEARTBEAT_TIMEOUT
+            heartbeat_timeout=config.SERVER_HEARTBEAT_TIMEOUT,
+            password_length_min=config.PASSWORD_LENGTH_MIN
        ),
        200, {'Content-Type': MIMETYPE_APP_JS})

--- a/web/pgadmin/browser/templates/browser/js/utils.js
+++ b/web/pgadmin/browser/templates/browser/js/utils.js
@ -69,6 +69,9 @@ define('pgadmin.browser.utils',
   /* Server Heartbeat Timeout */
  pgAdmin['heartbeat_timeout'] =  '{{heartbeat_timeout}}';

+  /* Minimum password length */
+  pgAdmin['password_length_min'] = '{{password_length_min}}';
+
  // Define list of nodes on which Query tool option doesn't appears
  let unsupported_nodes = pgAdmin.unsupported_nodes = [
     'server_group', 'server', 'coll-tablespace', 'tablespace',
--- a/web/pgadmin/setup/user_info.py
+++ b/web/pgadmin/setup/user_info.py
@ -55,13 +55,13 @@ def user_info_server():
            email = input(ENTER_EMAIL_ADDRESS)

        p1, p2 = pprompt()
-        while p1 != p2 or len(p1) < 6:
+        while p1 != p2 or len(p1) < config.PASSWORD_LENGTH_MIN:
            if p1 != p2:
                print('Passwords do not match. Please try again.')
            else:
                print(
-                    'Password must be at least 6 characters. '
-                    'Please try again.'
+                    'Password must be at least {} characters. '
+                    'Please try again.'.format(config.PASSWORD_LENGTH_MIN)
                )
            p1, p2 = pprompt()

--- a/web/pgadmin/tools/user_management/static/js/UserManagementDialog.jsx
+++ b/web/pgadmin/tools/user_management/static/js/UserManagementDialog.jsx
@ -133,6 +133,7 @@ class UserManagementCollection extends BaseUISchema {
  validate(state, setError) {
    let msg = undefined;
    let obj = this;
+    let minPassLen = pgAdmin.password_length_min;
    if (obj.isUserNameEnabled(state) && isEmptyString(state.username)) {
      msg = gettext('Username cannot be empty');
      setError('username', msg);
@ -184,8 +185,8 @@ class UserManagementCollection extends BaseUISchema {
        msg = gettext('Password cannot be empty for user %s', state.email);
        setError('newPassword', msg);
        return true;
-      } else if (state.newPassword?.length < 6) {
-        msg = gettext('Password must be at least 6 characters for user %s', state.email);
+      } else if (state.newPassword?.length < minPassLen) {
+        msg = gettext('Password must be at least %s characters for user %s', minPassLen, state.email);
        setError('newPassword', msg);
        return true;
      } else {