From: Jonathan Prykop <jonathan@freeside.biz>
Date: Wed, 6 Jan 2016 04:19:26 +0000 (-0600)
Subject: RT#39481: Password Maximum Length
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=6bfd3e59317994ac1911988109fc6add0cf87f13

RT#39481: Password Maximum Length
---

diff --git a/FS/FS/ClientAPI/MyAccount/contact.pm b/FS/FS/ClientAPI/MyAccount/contact.pm
index c893c105d..dd3a40b92 100644
--- a/FS/FS/ClientAPI/MyAccount/contact.pm
+++ b/FS/FS/ClientAPI/MyAccount/contact.pm
@@ -26,12 +26,7 @@ sub contact_passwd {
 
   my $error = '';
 
-  # use these svc_acct length restrictions??
-  my $conf = new FS::Conf;
-  $error = 'Password too short.'
-    if length($p->{'new_password'}) < ($conf->config('passwordmin') || 6);
-  $error = 'Password too long.'
-    if length($p->{'new_password'}) > ($conf->config('passwordmax') || 8);
+  # length checks now in is_password_allowed
 
   $error ||= $contact->is_password_allowed($p->{'new_password'});
 
diff --git a/FS/FS/Password_Mixin.pm b/FS/FS/Password_Mixin.pm
index 834fd6fc3..0f75960f7 100644
--- a/FS/FS/Password_Mixin.pm
+++ b/FS/FS/Password_Mixin.pm
@@ -47,7 +47,7 @@ sub is_password_allowed {
   # options for Data::Password
   $DICTIONARY = 4;   # minimum length of disallowed words
   $MINLEN = $conf->config('passwordmin') || 6;
-  $MAXLEN = $conf->config('passwordmax') || 8;
+  $MAXLEN = $conf->config('passwordmax') || 12;
   $GROUPS = 4;       # must have all 4 'character groups': numbers, symbols, uppercase, lowercase
   # other options use the defaults listed below:
   # $FOLLOWING = 3;    # disallows more than 3 chars in a row, by alphabet or keyboard (ie abcd or asdf)
diff --git a/FS/FS/svc_acct.pm b/FS/FS/svc_acct.pm
index 53b12f181..59d1e04f9 100644
--- a/FS/FS/svc_acct.pm
+++ b/FS/FS/svc_acct.pm
@@ -72,7 +72,7 @@ FS::UID->install_callback( sub {
   $passwordmin = ( defined($passwordmin) && $passwordmin =~ /\d+/ )
                    ? $passwordmin
                    : 6;
-  $passwordmax = $conf->config('passwordmax') || 8;
+  $passwordmax = $conf->config('passwordmax') || 12;
   $username_letter = $conf->exists('username-letter');
   $username_letterfirst = $conf->exists('username-letterfirst');
   $username_noperiod = $conf->exists('username-noperiod');
diff --git a/httemplate/edit/cust_main/first_pkg/svc_acct.html b/httemplate/edit/cust_main/first_pkg/svc_acct.html
index 8308af431..3644d62f9 100644
--- a/httemplate/edit/cust_main/first_pkg/svc_acct.html
+++ b/httemplate/edit/cust_main/first_pkg/svc_acct.html
@@ -78,7 +78,7 @@ my $conf = new FS::Conf;
 
 my $ulen = dbdef->table('svc_acct')->column('username')->length;
 my $ulen2 = $ulen+2;
-my $passwordmax = $conf->config('passwordmax') || 8;
+my $passwordmax = $conf->config('passwordmax') || 12;
 my $pmax2 = $passwordmax + 2;
 
 </%init>
diff --git a/httemplate/edit/svc_acct.cgi b/httemplate/edit/svc_acct.cgi
index 0cf0c20e1..ca26c6cf0 100755
--- a/httemplate/edit/svc_acct.cgi
+++ b/httemplate/edit/svc_acct.cgi
@@ -553,7 +553,7 @@ my $ulen =
   : dbdef->table('svc_acct')->column('username')->length;
 my $ulen2 = $ulen+2;
 
-my $pmax = max($conf->config('passwordmax') || 13);
+my $pmax = max($conf->config('passwordmax') || 12);
 my $pmax2 = $pmax+2;
 
 my $p1 = popurl(1);