Increase min password lenght to 8 chars

> Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length. All printing ASCII [RFC 20] characters as well as the space character SHOULD be acceptable in memorized secrets. Unicode [ISO/ISC 10646] characters SHOULD be accepted as well. To make allowances for likely mistyping, verifiers MAY replace multiple consecutive space characters with a single space character prior to verification, provided that the result is at least 8 characters in length. Truncation of the secret SHALL NOT be performed. For purposes of the above length requirements, each Unicode code point SHALL be counted as a single character. https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers
2018-09-06 16:24:05 +10:00 · 2018-09-06 16:24:05 +10:00 · 2458765463
parent c991941ef3
commit 2458765463
3 changed files with 3 additions and 3 deletions
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@ -37,8 +37,8 @@ class UserController extends Controller
                'email',
                'unique:users,email,' . Auth::user()->id . ',id,account_id,' . Auth::user()->account_id
            ],
-            'new_password' => ['min:5', 'confirmed', 'required_with:password'],
            'password'     => 'passcheck',
+            'new_password' => ['min:8', 'confirmed', 'required_with:password'],
            'first_name'   => ['required'],
            'last_name'    => ['required'],
        ];
--- a/app/Http/Controllers/UserSignupController.php
+++ b/app/Http/Controllers/UserSignupController.php
@ -42,7 +42,7 @@ class UserSignupController extends Controller
        $is_attendize = Utils::isAttendize();
        $this->validate($request, [
            'email'        => 'required|email|unique:users',
-            'password'     => 'required|min:5|confirmed',
+            'password'     => 'required|min:8|confirmed',
            'first_name'   => 'required',
            'terms_agreed' => $is_attendize ? 'required' : '',
        ]);
--- a/app/Services/Registrar.php
+++ b/app/Services/Registrar.php
@ -20,7 +20,7 @@ class Registrar implements RegistrarContract
        return Validator::make($data, [
            'name'     => 'required|max:255',
            'email'    => 'required|email|max:255|unique:users',
-            'password' => 'required|confirmed|min:6',
+            'password' => 'required|confirmed|min:8',
        ]);
    }