From 245876546330c355fd3df5eafcd3391326fce274 Mon Sep 17 00:00:00 2001
From: Sebastian Schmidt
Date: Thu, 6 Sep 2018 16:24:05 +1000
Subject: [PATCH] Increase min password lenght to 8 chars

> Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length. All printing ASCII [RFC 20] characters as well as the space character SHOULD be acceptable in memorized secrets. Unicode [ISO/ISC 10646] characters SHOULD be accepted as well. To make allowances for likely mistyping, verifiers MAY replace multiple consecutive space characters with a single space character prior to verification, provided that the result is at least 8 characters in length. Truncation of the secret SHALL NOT be performed. For purposes of the above length requirements, each Unicode code point SHALL be counted as a single character.

https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers
---
 app/Http/Controllers/UserController.php | 2 +-
 app/Http/Controllers/UserSignupController.php | 2 +-
 app/Services/Registrar.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 40e5739a..0dcd16c4 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -37,8 +37,8 @@ class UserController extends Controller
 'email',
 'unique:users,email,' . Auth::user()->id . ',id,account_id,' . Auth::user()->account_id
 ],
- 'new_password' => ['min:5', 'confirmed', 'required_with:password'],
 'password' => 'passcheck',
+ 'new_password' => ['min:8', 'confirmed', 'required_with:password'],
 'first_name' => ['required'],
 'last_name' => ['required'],
 ];
diff --git a/app/Http/Controllers/UserSignupController.php b/app/Http/Controllers/UserSignupController.php
index 605e7b01..45520ddf 100644
--- a/app/Http/Controllers/UserSignupController.php
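Review bot: In the UserController rules, `password` carries only `passcheck` while `new_password` is `required_with:password`, so the dependency runs one way: nothing visible here requires the current password when a new one is submitted. Laravel skips non-implicit rules for fields that are absent, so unless `passcheck` is registered as an implicit rule, a request carrying only `new_password` and its confirmation would pass validation without the current-password check. Whether such a request can actually change the password depends on the update code outside this hunk; making the rule explicit, `'password' => ['required_with:new_password', 'passcheck'],`, would stop the check from depending on that code. The rules array begins above the hunk.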
+++ b/app/Http/Controllers/UserSignupController.php
@@ -42,7 +42,7 @@ class UserSignupController extends Controller
 $is_attendize = Utils::isAttendize();
 $this->validate($request, [
 'email' => 'required|email|unique:users',
- 'password' => 'required|min:5|confirmed',
+ 'password' => 'required|min:8|confirmed',
 'first_name' => 'required',
 'terms_agreed' => $is_attendize ? 'required' : '',
 ]);
diff --git a/app/Services/Registrar.php b/app/Services/Registrar.php
index af9282c9..38f387dc 100644
--- a/app/Services/Registrar.php
+++ b/app/Services/Registrar.php
@@ -20,7 +20,7 @@ class Registrar implements RegistrarContract
 return Validator::make($data, [
 'name' => 'required|max:255',
 'email' => 'required|email|max:255|unique:users',
- 'password' => 'required|confirmed|min:6',
+ 'password' => 'required|confirmed|min:8',
 ]);
 }
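Review bot: The minimum length is a literal repeated inside each rule string — `min:8` in the UserSignupController `$this->validate` call, and again in the UserController and Registrar hunks — and the removed lines show the three copies had already drifted apart (5, 5 and 6). Reading the value from one place, for example `'required|min:' . config('auth.password_min_length') . '|confirmed'` (the config key is a placeholder, not an existing setting), would keep the policy uniform across all three. Any other rule set that accepts a new password, such as a reset flow, is not part of this diff and may still carry an older minimum, so it is worth checking before relying on the 8-character floor.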