Added env variable to set a minium password length

docs/advanced.rst

@@ -74,6 +74,8 @@ Available environment variables
 +-------------------------------+-------------------------------------------------------------------------------------+-----------------+--------------------------------------+
 | GOKAPI_MAX_FILESIZE           | Sets the maximum allowed file size in MB                                            | Yes             | 102400 (100GB)                       |
 +-------------------------------+-------------------------------------------------------------------------------------+-----------------+--------------------------------------+
+| GOKAPI_MIN_LENGTH_PASSWORD    | Sets the minium password length.                                                    | Yes             | 8                                    |
++-------------------------------+-------------------------------------------------------------------------------------+-----------------+--------------------------------------+
 | GOKAPI_MAX_MEMORY_UPLOAD      | Sets the amount of RAM in MB that can be allocated for an upload chunk or file      | Yes             | 50                                   |
 |                               |                                                                                     |                 |                                      |
 |                               | Any chunk or file with a size greater than that will be written to a temporary file |                 |                                      |

internal/configuration/Configuration.go

@@ -24,9 +24,6 @@ import (
 	"strings"
 )
 
-// MinLengthPassword is the required length of admin password in characters
-const MinLengthPassword = 8
-
 // Environment is an object containing the environment variables
 var Environment environment.Environment
 
@@ -91,6 +88,9 @@ func Load() {
 	if serverSettings.ChunkSize == 0 {
 		serverSettings.ChunkSize = 45
 	}
+	if serverSettings.MinLengthPassword == 0 {
+		serverSettings.MinLengthPassword = 8
+	}
 	serverSettings.LengthId = Environment.LengthId
 	serverSettings.LengthHotlinkId = Environment.LengthHotlinkId
 	helper.CreateDir(serverSettings.DataDir)
@@ -184,8 +184,8 @@ func deleteAllEncryptedStorage() {
 
 // SetDeploymentPassword sets a new password. This should only be used for non-interactive deployment, but is not enforced
 func SetDeploymentPassword(newPassword string) {
-	if len(newPassword) < MinLengthPassword {
-		fmt.Printf("Password needs to be at least %d characters long\n", MinLengthPassword)
+	if len(newPassword) < serverSettings.MinLengthPassword {
+		fmt.Printf("Password needs to be at least %d characters long\n", serverSettings.MinLengthPassword)
 		os.Exit(1)
 	}
 	serverSettings.Authentication.SaltAdmin = helper.GenerateRandomString(30)

internal/configuration/setup/Setup.go

@@ -244,6 +244,7 @@ func toConfiguration(formObjects *[]jsonFormObject) (models.Configuration, *clou
 		MaxMemory:          parsedEnv.MaxMemory,
 		DataDir:            parsedEnv.DataDir,
 		MaxParallelUploads: parsedEnv.MaxParallelUploads,
+		MinLengthPassword:  parsedEnv.MinLengthPassword,
 		ChunkSize:          parsedEnv.ChunkSizeMB,
 		ConfigVersion:      configupgrade.CurrentConfigVersion,
 		Authentication:     models.AuthenticationConfig{},
@@ -644,8 +645,8 @@ func parseEncryptionAndDelete(result *models.Configuration, formObjects *[]jsonF
 	if encLevel == encryption.LocalEncryptionInput || encLevel == encryption.FullEncryptionInput {
 		result.Encryption.Salt = helper.GenerateRandomString(30)
 		result.Encryption.ChecksumSalt = helper.GenerateRandomString(30)
-		if len(masterPw) < configuration.MinLengthPassword {
-			return configuration.End2EndReconfigParameters{}, errors.New("password is less than " + strconv.Itoa(configuration.MinLengthPassword) + " characters long")
+		if len(masterPw) < configuration.Environment.MinLengthPassword {
+			return configuration.End2EndReconfigParameters{}, errors.New("password is less than " + strconv.Itoa(configuration.Environment.MinLengthPassword) + " characters long")
 		}
 		result.Encryption.Checksum = encryption.PasswordChecksum(masterPw, result.Encryption.ChecksumSalt)
 	}
@@ -705,6 +706,7 @@ type setupView struct {
 	CloudSettings      cloudconfig.CloudConfig
 	DatabaseSettings   models.DbConnection
 	ProtectedUrls      []string
+	MinPasswordLength  int
 }
 
 func (v *setupView) loadFromConfig() {
@@ -717,6 +719,7 @@ func (v *setupView) loadFromConfig() {
 	v.HasAwsFeature = aws.IsIncludedInBuild
 	v.ProtectedUrls = protectedUrls
 	if isInitialSetup {
+		v.MinPasswordLength = environment.New().MinLengthPassword
 		return
 	}
 	configuration.Load()

internal/configuration/setup/templates/setup.tmpl

@@ -261,10 +261,10 @@
 								<input type="text" class="form-control" id="auth_username" name="auth_username" placeholder="Username" data-min="3" required data-validate="validateMinLength">
 							</div><br><br>
 							<div class="col-sm-8">
-								<input type="password" autocomplete="new-password" class="form-control" id="auth_pw" name="auth_pw" placeholder="Password" data-min="8" required data-validate="validatePassword">
+								<input type="password" autocomplete="new-password" class="form-control" id="auth_pw" name="auth_pw" placeholder="Password" data-min={{ .MinPasswordLength }} required data-validate="validatePassword">
 							</div><br><br>
 							<div class="col-sm-8">
-								<input type="password" autocomplete="new-password" class="form-control" id="auth_pw2" name="auth_pw2" placeholder="Password (repeat)" data-min="8" required>
+								<input type="password" autocomplete="new-password" class="form-control" id="auth_pw2" name="auth_pw2" placeholder="Password (repeat)" data-min={{ .MinPasswordLength }} required>
 						</div>
 					</div>
 

internal/environment/Environment.go

@@ -33,6 +33,7 @@ type Environment struct {
 	AwsKeyId           string `env:"AWS_KEY"`
 	AwsKeySecret       string `env:"AWS_KEY_SECRET"`
 	AwsEndpoint        string `env:"AWS_ENDPOINT"`
+	MinLengthPassword  int    `env:"MIN_LENGTH_PASSWORD" envDefault:"8"`
 }
 
 // New parses the env variables

internal/environment/Environment_test.go

@@ -45,6 +45,10 @@ func TestEnvLoad(t *testing.T) {
 	env = New()
 	test.IsEqualInt(t, env.LengthId, 86)
 	os.Unsetenv("GOKAPI_LENGTH_ID")
+	os.Setenv("GOKAPI_MIN_LENGTH_PASSWORD", "12")
+	env = New()
+	test.IsEqualInt(t, env.MinLengthPassword, 12)
+	os.Unsetenv("GOKAPI_MIN_LENGTH_PASSWORD")
 	env = New()
 	os.Setenv("GOKAPI_LENGTH_ID", "15")
 	os.Setenv("GOKAPI_MAX_MEMORY_UPLOAD", "0")

internal/models/Configuration.go

@@ -26,6 +26,7 @@ type Configuration struct {
 	PicturesAlwaysLocal bool                 `json:"PicturesAlwaysLocal"`
 	SaveIp              bool                 `json:"SaveIp"`
 	IncludeFilename     bool                 `json:"IncludeFilename"`
+	MinLengthPassword   int                  `json:"MinLengthPassword"`
 }
 
 // Encryption hold information about the encryption used on this file

internal/models/Configuration_test.go

@@ -17,18 +17,19 @@ var testConfig = Configuration{
 		OAuthClientId:     "",
 		OAuthClientSecret: "",
 	},
-	Port:            ":12345",
-	ServerUrl:       "https://testserver.com/",
-	RedirectUrl:     "https://test.com",
-	DatabaseUrl:     "sqlite://./test/gokapitest.sqlite",
-	ConfigVersion:   14,
-	LengthId:        5,
-	LengthHotlinkId: 10,
-	DataDir:         "test",
-	MaxMemory:       50,
-	UseSsl:          true,
-	MaxFileSizeMB:   20,
-	PublicName:      "public-name",
+	Port:              ":12345",
+	ServerUrl:         "https://testserver.com/",
+	RedirectUrl:       "https://test.com",
+	DatabaseUrl:       "sqlite://./test/gokapitest.sqlite",
+	ConfigVersion:     14,
+	LengthId:          5,
+	LengthHotlinkId:   10,
+	DataDir:           "test",
+	MaxMemory:         50,
+	UseSsl:            true,
+	MaxFileSizeMB:     20,
+	MinLengthPassword: 8,
+	PublicName:        "public-name",
 	Encryption: Encryption{
 		Level:        1,
 		Cipher:       []byte{0x00},
@@ -47,4 +48,4 @@ func TestConfiguration_ToString(t *testing.T) {
 	test.IsEqualString(t, testConfig.ToString(), exptectedUnidentedOutput)
 }
 
-const exptectedUnidentedOutput = `{"Authentication":{"Method":0,"SaltAdmin":"saltadmin","SaltFiles":"saltfiles","Username":"admin","HeaderKey":"","OauthProvider":"","OAuthClientId":"","OAuthClientSecret":"","OauthGroupScope":"","OAuthRecheckInterval":0,"OAuthGroups":null,"OnlyRegisteredUsers":false},"Port":":12345","ServerUrl":"https://testserver.com/","RedirectUrl":"https://test.com","PublicName":"public-name","DataDir":"test","DatabaseUrl":"sqlite://./test/gokapitest.sqlite","ConfigVersion":14,"MaxFileSizeMB":20,"MaxMemory":50,"ChunkSize":0,"MaxParallelUploads":0,"Encryption":{"Level":1,"Cipher":"AA==","Salt":"encsalt","Checksum":"encsum","ChecksumSalt":"encsumsalt"},"UseSsl":true,"PicturesAlwaysLocal":true,"SaveIp":false,"IncludeFilename":false}`
+const exptectedUnidentedOutput = `{"Authentication":{"Method":0,"SaltAdmin":"saltadmin","SaltFiles":"saltfiles","Username":"admin","HeaderKey":"","OauthProvider":"","OAuthClientId":"","OAuthClientSecret":"","OauthGroupScope":"","OAuthRecheckInterval":0,"OAuthGroups":null,"OnlyRegisteredUsers":false},"Port":":12345","ServerUrl":"https://testserver.com/","RedirectUrl":"https://test.com","PublicName":"public-name","DataDir":"test","DatabaseUrl":"sqlite://./test/gokapitest.sqlite","ConfigVersion":14,"MaxFileSizeMB":20,"MaxMemory":50,"ChunkSize":0,"MaxParallelUploads":0,"Encryption":{"Level":1,"Cipher":"AA==","Salt":"encsalt","Checksum":"encsum","ChecksumSalt":"encsumsalt"},"UseSsl":true,"PicturesAlwaysLocal":true,"SaveIp":false,"IncludeFilename":false,"MinLengthPassword":8}`

internal/test/testconfiguration/TestConfiguration.go

@@ -475,7 +475,8 @@ var configTestFile = []byte(`{
   "UseSsl": false,
   "PicturesAlwaysLocal": false,
   "SaveIp": false,
-  "IncludeFilename": false
+  "IncludeFilename": false,
+  "MinLengthPassword": 8
 }`)
 
 var sslCertValid = []byte(`-----BEGIN CERTIFICATE-----

internal/webserver/Webserver.go

@@ -310,7 +310,7 @@ func changePassword(w http.ResponseWriter, r *http.Request) {
 	}
 	err = templateFolder.ExecuteTemplate(w, "changepw",
 		genericView{PublicName: configuration.Get().PublicName,
-			MinPasswordLength: configuration.MinLengthPassword,
+			MinPasswordLength: configuration.Environment.MinLengthPassword,
 			ErrorMessage:      errMessage,
 			CustomContent:     customStaticInfo})
 	helper.CheckIgnoreTimeout(err)
@@ -320,7 +320,7 @@ func validateNewPassword(newPassword string, user models.User) (string, string,
 	if len(newPassword) == 0 {
 		return "", user.Password, false
 	}
-	if len(newPassword) < configuration.MinLengthPassword {
+	if len(newPassword) < configuration.Environment.MinLengthPassword {
 		return "Password is too short", user.Password, false
 	}
 	newPasswordHash := configuration.HashPassword(newPassword, false)
@@ -677,6 +677,7 @@ type AdminView struct {
 	ActiveView         int
 	ChunkSize          int
 	MaxParallelUploads int
+	MinLengthPassword  int
 	TimeNow            int64
 	CustomContent      customStatic
 }
@@ -771,6 +772,7 @@ func (u *AdminView) convertGlobalConfig(view int, user models.User) *AdminView {
 	u.IsUserTabAvailable = config.Authentication.Method != models.AuthenticationDisabled
 	u.EndToEndEncryption = config.Encryption.Level == encryption.EndToEndEncryption
 	u.MaxParallelUploads = config.MaxParallelUploads
+	u.MinLengthPassword = config.MinLengthPassword
 	u.ChunkSize = config.ChunkSize
 	u.IncludeFilename = config.IncludeFilename
 	u.SystemKey = api.GetSystemKey(user.Id)

internal/webserver/api/Api.go

@@ -715,7 +715,7 @@ func apiResetPassword(w http.ResponseWriter, r requestParser, user models.User)
 	userToEdit.ResetPassword = true
 	password := ""
 	if request.NewPassword {
-		password = helper.GenerateRandomString(configuration.MinLengthPassword + 2)
+		password = helper.GenerateRandomString(configuration.Environment.MinLengthPassword + 2)
 		userToEdit.Password = configuration.HashPassword(password, false)
 	}
 	database.DeleteAllSessionsByUser(userToEdit.Id)