fix password min length

HgO requested to merge 23-incorrect-password-limits-for-yunohost into unstable

Closes #23 (closed)

So, because the hypercube.sh script doesn't use the --force-password flag, YunoHost uses additional checks to validate the password. Those checks are done in this class.

In short, they define a strength for the password

defined as a tuple containing the length of the password, the number of digits, lowercase letters, uppercase letters, and other characters.

For instance, "PikachuDu67" is (11, 2, 7, 2, 0)

Then, they compare the password strength to a list of strengths, from the weakest to the strongest. The minimum strength of an admin password (and a user password) is defined in the file /etc/yunohost/settings.json.

We can see there that it's the minimum level that is required, which means (8, 0, 0, 0, 0), that is, a minimum length of 8!

😅

Note: The postinstall could still fail if the user uses a dictionary word or other common word, and I think checking if the password is from such a list would be out of scope...
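
The strength check described in this merge request, as an added example that is not part of the merge request or of YunoHost's code. Only the first level, (8, 0, 0, 0, 0), comes from the description; the higher levels and the component-wise comparison are assumptions made for illustration.

```python
import string

# Level 1 is the minimum stated in the merge request: (8, 0, 0, 0, 0).
# The higher levels are constructed for this example.
LEVELS = [
    (8, 0, 0, 0, 0),
    (8, 1, 1, 1, 0),
    (8, 1, 1, 1, 1),
    (12, 1, 1, 1, 1),
]


def strength(password):
    """Return (length, digits, lowercase, uppercase, other characters)."""
    digits = lowers = uppers = others = 0
    for ch in password:
        if ch in string.digits:
            digits += 1
        elif ch in string.ascii_lowercase:
            lowers += 1
        elif ch in string.ascii_uppercase:
            uppers += 1
        else:
            others += 1
    return (len(password), digits, lowers, uppers, others)


def level(password, levels=LEVELS):
    """Count how many levels, weakest first, the password satisfies.

    Each component is compared on its own (assumption). A plain tuple
    comparison would be lexicographic, so (9, 0, 0, 0, 0) would wrongly
    rank above (8, 1, 1, 1, 0) on length alone.
    """
    have = strength(password)
    reached = 0
    for required in levels:
        if any(h < r for h, r in zip(have, required)):
            break
        reached += 1
    return reached


def accepted(password, minimum_level=1):
    """True if the password reaches the configured minimum level."""
    return level(password) >= minimum_level
```

With the minimum level set to 1, the only effective requirement is a length of 8, which is the limit this merge request corrects.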
