From 09df65d5ece6db381196c91fff246c645d87e291 Mon Sep 17 00:00:00 2001
From: Uku Taht <uku.taht@gmail.com>
Date: Mon, 10 May 2021 13:28:47 +0300
Subject: [PATCH] Improve password policy

---
 lib/plausible/auth/user.ex                         | 1 +
 lib/plausible_web/templates/auth/activate.html.eex | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/plausible/auth/user.ex b/lib/plausible/auth/user.ex
index a243afa5..aff7c1b3 100644
--- a/lib/plausible/auth/user.ex
+++ b/lib/plausible/auth/user.ex
@@ -34,6 +34,7 @@ defmodule Plausible.Auth.User do
     |> cast(attrs, @required)
     |> validate_required(@required)
     |> validate_length(:password, min: 6, message: "has to be at least 6 characters")
+    |> validate_length(:password, max: 64, message: "cannot be longer than 64 characters")
     |> validate_confirmation(:password)
     |> hash_password()
     |> change(trial_expiry_date: trial_expiry())
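Review bot: The upper bound added on the second `validate_length(:password, ...)` line counts graphemes, which is the default for strings, so a 64-character password made of multi-byte characters can still be well over 64 bytes when it reaches `hash_password()`. If the cap is meant to bound the hash input (the algorithm is not visible in this hunk, and bcrypt-style hashes ignore input past 72 bytes), say so explicitly with `|> validate_length(:password, max: 128, count: :bytes, message: "is too long")`, either alongside or instead of the grapheme limit. The minimum on the line above stays at 6, which is below the 8-character floor in NIST SP 800-63B and worth raising in a commit titled "Improve password policy". The changeset function begins and ends outside the hunk, and any other changeset that sets a password (for example a reset flow, not shown here) would need the same bounds.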
diff --git a/lib/plausible_web/templates/auth/activate.html.eex b/lib/plausible_web/templates/auth/activate.html.eex
index 3f84ced0..34e7a924 100644
--- a/lib/plausible_web/templates/auth/activate.html.eex
+++ b/lib/plausible_web/templates/auth/activate.html.eex
@@ -9,7 +9,7 @@
 
       <div class="mt-12 flex items-stretch flex-grow">
         <div>
-          <%= text_input f, :code, class: "tracking-widest font-medium shadow-sm focus:ring-indigo-500 focus:border-indigo-500 block w-36 px-8 border-gray-300 dark:border-gray-500 rounded-l-md dark:text-gray-200 dark:bg-gray-900", oninput: "this.value=this.value.replace(/[^0-9]/g, ''); if (this.value.length >= 4) document.getElementById('submit').focus()", onclick: "this.select();", maxlength: "4", placeholder: "••••", style: "letter-spacing: 10px;" %>
+          <%= text_input f, :code, class: "tracking-widest font-medium shadow-sm focus:ring-indigo-500 focus:border-indigo-500 block w-36 px-8 border-gray-300 dark:border-gray-500 rounded-l-md dark:text-gray-200 dark:bg-gray-900", oninput: "this.value=this.value.replace(/[^0-9]/g, ''); if (this.value.length >= 4) document.getElementById('submit').focus()", onclick: "this.select();", maxlength: "4", placeholder: "••••", style: "letter-spacing: 10px;", required: "required" %>
         </div>
         <button id="submit" class="button rounded-l-none">Activate &rarr;</button>
       </div>
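Review bot: `required: "required"` on the `:code` input is enforced only by the browser, like the existing `maxlength` and the `oninput` digit filter, so a request that bypasses the form can still post an empty or non-numeric code. The handler for this form is not part of the patch; it should reject anything that is not exactly four digits, and since a four-digit code has only 10,000 possible values it should also limit attempts and expire codes. I would record that in the template with a comment above the input, such as `<%# client-side hints only; code format and attempt limits are enforced server-side %>`. The enclosing form starts and ends outside the hunk.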
-- 
GitLab