Commit 2f161208 authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'issue_14563' into 'master'

Fix user creation with stronger minimum password requirements

## What does this MR do?

`doc/security/password_length_limits.md` Describes a way to increase minimum requirements of passwords, via `config/initializers/devise_password_length.rb`. However, user creation hardcoded password generation at 8 characters.

If the minimum was set at any more than 8 characters, user creation will fail.

Function now looks up minimum length requirement.

## What are the relevant issue numbers?

Fixes #14563.

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- Tests
  - [x] Added for this feature/bug
  - [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !4054
parents 2f5e3ee6 64883faa
...@@ -6,6 +6,7 @@ v 8.10.0 (unreleased) ...@@ -6,6 +6,7 @@ v 8.10.0 (unreleased)
- Fix MR-auto-close text added to description. !4836 - Fix MR-auto-close text added to description. !4836
- Fix pagination when sorting by columns with lots of ties (like priority) - Fix pagination when sorting by columns with lots of ties (like priority)
- Implement Subresource Integrity for CSS and JavaScript assets. This prevents malicious assets from loading in the case of a CDN compromise. - Implement Subresource Integrity for CSS and JavaScript assets. This prevents malicious assets from loading in the case of a CDN compromise.
- Fix user creation with stronger minimum password requirements !4054 (nathan-pmt)
v 8.9.1 v 8.9.1
- Fix merge requests project settings help link anchor - Fix merge requests project settings help link anchor
......
...@@ -308,7 +308,7 @@ class User < ActiveRecord::Base ...@@ -308,7 +308,7 @@ class User < ActiveRecord::Base
def generate_password def generate_password
if self.force_random_password if self.force_random_password
self.password = self.password_confirmation = Devise.friendly_token.first(8) self.password = self.password_confirmation = Devise.friendly_token.first(Devise.password_length.min)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment