From e6862713bb6169ca02b6cadec5f98e74940d52f7 Mon Sep 17 00:00:00 2001
From: Yang Luo <hsluoyz@qq.com>
Date: Sun, 16 May 2021 21:52:50 +0800
Subject: [PATCH] Improve password length check.

---
 controllers/user.go     | 11 ++++++++---
 object/check.go         |  8 ++++----
 web/src/UserEditPage.js |  2 +-
 3 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/controllers/user.go b/controllers/user.go
index 26b0b67e..c584d0c3 100644
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -70,6 +70,11 @@ func (c *ApiController) UpdateUser() {
 		panic(err)
 	}
 
+	if user.DisplayName == "" {
+		c.ResponseError("Display name cannot be empty")
+		return
+	}
+
 	c.Data["json"] = wrapActionResponse(object.UpdateUser(id, &user))
 	c.ServeJSON()
 }
@@ -160,12 +165,12 @@ func (c *ApiController) SetPassword() {
 	}
 
 	if strings.Index(newPassword, " ") >= 0 {
-		c.ResponseError("New password contains blank space.")
+		c.ResponseError("New password cannot contain blank space.")
 		return
 	}
 
-	if newPassword == "" {
-		c.ResponseError("Invalid new password")
+	if len(newPassword) <= 5 {
+		c.ResponseError("New password must have at least 6 characters")
 		return
 	}
 
diff --git a/object/check.go b/object/check.go
index fc898e78..d32f0350 100644
--- a/object/check.go
+++ b/object/check.go
@@ -30,10 +30,10 @@ func init() {
 func CheckUserSignup(organizationName string, username string, password string, displayName string, email string, phone string, affiliation string) string {
 	organization := getOrganization("admin", organizationName)
 
-	if len(username) == 0 {
-		return "username cannot be blank"
-	} else if len(password) == 0 {
-		return "password cannot be blank"
+	if len(username) <= 2 {
+		return "username must have at least 3 characters"
+	} else if len(password) <= 5 {
+		return "password must have at least 6 characters"
 	} else if organization == nil {
 		return "organization does not exist"
 	} else if reWhiteSpace.MatchString(username) {
diff --git a/web/src/UserEditPage.js b/web/src/UserEditPage.js
index ad11805b..e977f82b 100644
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@@ -173,7 +173,7 @@ class UserEditPage extends React.Component {
             {i18next.t("general:Organization")}:
           </Col>
           <Col span={22} >
-            <Select virtual={false} style={{width: '100%'}} value={this.state.user.owner} onChange={(value => {this.updateUserField('owner', value);})}>
+            <Select virtual={false} style={{width: '100%'}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.user.owner} onChange={(value => {this.updateUserField('owner', value);})}>
               {
                 this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
               }