From c1345e0e7a1e13837f6c62af3222a70a0682d729 Mon Sep 17 00:00:00 2001
From: Dominik Murzynowski <github@domyno.pl>
Date: Tue, 14 Feb 2017 19:19:07 +0100
Subject: [PATCH] Change password min-length to 8 characters

---
 management/mailconfig.py        | 4 ++--
 management/templates/users.html | 4 ++--
 setup/webmail.sh                | 2 +-
 tools/mail.py                   | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/management/mailconfig.py b/management/mailconfig.py
index d044c1ab..4cb57027 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -599,8 +599,8 @@ def validate_password(pw):
 		raise ValueError("No password provided.")
 	if re.search(r"[\s]", pw):
 		raise ValueError("Passwords cannot contain spaces.")
-	if len(pw) < 4:
-		raise ValueError("Passwords must be at least four characters.")
+	if len(pw) < 8:
+		raise ValueError("Passwords must be at least eight characters.")
 
 
 if __name__ == "__main__":
diff --git a/management/templates/users.html b/management/templates/users.html
index 2cda327c..e0545835 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -31,7 +31,7 @@
   <button type="submit" class="btn btn-primary">Add User</button>
 </form>
 <ul style="margin-top: 1em; padding-left: 1.5em; font-size: 90%;">
-  <li>Passwords must be at least four characters and may not contain spaces. For best results, <a href="#" onclick="return generate_random_password()">generate a random password</a>.</li>
+  <li>Passwords must be at least eight characters and may not contain spaces. For best results, <a href="#" onclick="return generate_random_password()">generate a random password</a>.</li>
   <li>Use <a href="#" onclick="return show_panel('aliases')">aliases</a> to create email addresses that forward to existing accounts.</li>
   <li>Administrators get access to this control panel.</li>
   <li>User accounts cannot contain any international (non-ASCII) characters, but <a href="#" onclick="return show_panel('aliases');">aliases</a> can.</li>
@@ -296,7 +296,7 @@ function mod_priv(elem, add_remove) {
 function generate_random_password() {
   var pw = "";
   var charset = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789"; // confusable characters skipped
-  for (var i = 0; i < 10; i++)
+  for (var i = 0; i < 12; i++)
     pw += charset.charAt(Math.floor(Math.random() * charset.length));
   show_modal_error("Random Password", "<p>Here, try this:</p> <p><code style='font-size: 110%'>" + pw + "</code></pr");
   return false; // cancel click
diff --git a/setup/webmail.sh b/setup/webmail.sh
index b0b916f7..dd861a35 100755
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@@ -185,7 +185,7 @@ cp ${RCM_PLUGIN_DIR}/password/config.inc.php.dist \
 	${RCM_PLUGIN_DIR}/password/config.inc.php
 
 tools/editconf.py ${RCM_PLUGIN_DIR}/password/config.inc.php \
-	"\$config['password_minimum_length']=4;" \
+	"\$config['password_minimum_length']=8;" \
 	"\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \
 	"\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \
 	"\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \
diff --git a/tools/mail.py b/tools/mail.py
index d0e546ab..566971e4 100755
--- a/tools/mail.py
+++ b/tools/mail.py
@@ -30,8 +30,8 @@ def mgmt(cmd, data=None, is_json=False):
 def read_password():
     while True:
         first = getpass.getpass('password: ')
-        if len(first) < 4:
-            print("Passwords must be at least four characters.")
+        if len(first) < 8:
+            print("Passwords must be at least eight characters.")
             continue
         if re.search(r'[\s]', first):
             print("Passwords cannot contain spaces.")