From b51b0be153a6f4e9028909f29822d6b8bcad7c91 Mon Sep 17 00:00:00 2001
From: Shannon Sterz <s.sterz@proxmox.com>
Date: Fri, 4 Oct 2024 15:40:53 +0200
Subject: [PATCH] api: enforce minimum character limit of 8 on new passwords

we already have two different password schemas, `PBS_PASSWORD_SCHEMA`
being the stricter one, which ensures a minimum length of new
passwords. however, this wasn't used on the change password endpoint
before, so add it there too. this is also in-line with NIST's latest
recommendations [1].

[1]: https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver

Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
 pbs-api-types/src/lib.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pbs-api-types/src/lib.rs b/pbs-api-types/src/lib.rs
index e73f1f8a..acc2fca3 100644
--- a/pbs-api-types/src/lib.rs
+++ b/pbs-api-types/src/lib.rs
@@ -214,7 +214,7 @@ pub const OPENSSL_CIPHERS_TLS_1_3_SCHEMA: Schema =
 
 pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
     .format(&PASSWORD_FORMAT)
-    .min_length(5)
+    .min_length(8)
     .max_length(64)
     .schema();