fix: add configurable minimum password length (#5225)

auth/hook.go

@@ -150,7 +150,7 @@ func (a *HookAuth) SaveUser() (*users.User, error) {
 	}
 
 	if u == nil {
-		pass, err := users.HashPwd(a.Cred.Password)
+		pass, err := users.HashAndValidatePwd(a.Cred.Password, a.Settings.MinimumPasswordLength)
 		if err != nil {
 			return nil, err
 		}
@@ -186,7 +186,7 @@ func (a *HookAuth) SaveUser() (*users.User, error) {
 
 		// update the password when it doesn't match the current
 		if p {
-			pass, err := users.HashPwd(a.Cred.Password)
+			pass, err := users.HashAndValidatePwd(a.Cred.Password, a.Settings.MinimumPasswordLength)
 			if err != nil {
 				return nil, err
 			}

auth/proxy.go

@@ -1,7 +1,6 @@
 package auth
 
 import (
-	"crypto/rand"
 	"errors"
 	"net/http"
 
@@ -29,15 +28,14 @@ func (a ProxyAuth) Auth(r *http.Request, usr users.Store, setting *settings.Sett
 }
 
 func (a ProxyAuth) createUser(usr users.Store, setting *settings.Settings, srv *settings.Server, username string) (*users.User, error) {
-	const passwordSize = 32
-	randomPasswordBytes := make([]byte, passwordSize)
-	_, err := rand.Read(randomPasswordBytes)
+	const randomPasswordLength = settings.DefaultMinimumPasswordLength + 10
+	pwd, err := users.RandomPwd(randomPasswordLength)
 	if err != nil {
 		return nil, err
 	}
 
 	var hashedRandomPassword string
-	hashedRandomPassword, err = users.HashPwd(string(randomPasswordBytes))
+	hashedRandomPassword, err = users.HashAndValidatePwd(pwd, setting.MinimumPasswordLength)
 	if err != nil {
 		return nil, err
 	}