From f2a1b215dd27c6cb9ed1b45a0613886843c6ba7d Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Thu, 16 Mar 2017 23:02:13 -0300 Subject: [PATCH] Bug 18298: minPasswordLength should not be used as the default password length MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The length of the passwords generated for a patron should not be as long as the value of minPasswordLength. It is the minimum required size of a password, not the maximum! So let's fix it to 8 if the minPasswordLength if < 8, that sounds reasonable and less risky for patrons. Signed-off-by: Marc Véron Signed-off-by: Tomas Cohen Arazi Signed-off-by: Jonathan Druart --- .../intranet-tmpl/prog/en/modules/members/member-password.tt | 1 + 1 file changed, 1 insertion(+) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt index 4e66075603..cf5e33d59e 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt @@ -10,6 +10,7 @@ // Always generate a strong password var chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; var length = [% minPasswordLength %]; + if ( length < 8 ) length = 8; var password=''; for ( var i = 0 ; i < length ; i++){ password += chars.charAt(Math.floor(Math.random()*chars.length)); -- 2.39.5