enforce a configurable minimum password length when registering

customize.dist/application_config.js

@@ -49,6 +49,8 @@ define(function() {
         users.
     */
     config.loginSalt = '';
+    config.minimum_password_length = 8;
+
     config.badStateTimeout = 30000;
 
     config.applicationsIcon = {

customize.dist/translations/messages.js

@@ -409,6 +409,8 @@ define(function () {
     out.register_importRecent = "Import pad history (Recommended)";
     out.register_acceptTerms = "I accept <a href='/terms.html' tabindex='-1'>the terms of service</a>";
     out.register_passwordsDontMatch = "Passwords do not match!";
+    out.register_passwordTooShort = "Passwords must be at least {0} characters long.";
+
     out.register_mustAcceptTerms = "You must accept the terms of service.";
     out.register_mustRememberPass = "We cannot reset your password if you forget it. It's very important that you remember it! Please check the checkbox to confirm.";
 

www/common/credential.js

@@ -5,6 +5,13 @@ define([
     var Cred = {};
     var Scrypt = window.scrypt;
 
+    Cred.MINIMUM_PASSWORD_LENGTH = typeof(AppConfig.minimum_password_length) === 'number'?
+        AppConfig.minimum_password_length: 8;
+
+    Cred.isLongEnoughPassword = function (passwd) {
+        return passwd.length >= Cred.MINIMUM_PASSWORD_LENGTH;
+    };
+
     var isString = Cred.isString = function (x) {
         return typeof(x) === 'string';
     };

www/common/login.js

@@ -88,6 +88,7 @@ define([
         // validate inputs
         if (!Cred.isValidUsername(uname)) { return void cb('INVAL_USER'); }
         if (!Cred.isValidPassword(passwd)) { return void cb('INVAL_PASS'); }
+        if (!Cred.isLongEnoughPassword(passwd)) { return void cb('PASS_TOO_SHORT'); }
 
         Cred.deriveFromPassphrase(uname, passwd, 128, function (bytes) {
             // results...

www/register/main.js

@@ -7,7 +7,7 @@ define([
 
     'css!/bower_components/components-font-awesome/css/font-awesome.min.css',
     'less!/customize/src/less/loading.less',
-], function ($, Login, Cryptpad, Test) {
+], function ($, Login, Cryptpad, Test, Cred) {
     var Messages = Cryptpad.Messages;
 
     $(function () {
@@ -138,7 +138,8 @@ define([
                     // We need a setTimeout(cb, 0) otherwise the loading screen is only displayed after hashing the password
                     window.setTimeout(function () {
                         Login.loginOrRegister(uname, passwd, true, function (err, result) {
-                            var proxy = result.proxy;
+                            var proxy;
+                            if (result) { proxy = result.proxy; }
 
                             if (err) {
                                 switch (err) {
@@ -163,6 +164,16 @@ define([
                                             });
                                         });
                                         break;
+                                    case 'PASS_TOO_SHORT':
+                                        Cryptpad.removeLoadingScreen(function () {
+                                            var warning = Messages._getKey('register_passwordTooShort', [
+                                                Cred.MINIMUM_PASSWORD_LENGTH
+                                            ]);
+                                            Cryptpad.alert(warning, function () {
+                                                registering = false;
+                                            });
+                                        });
+                                        break;
                                     case 'ALREADY_REGISTERED':
                                         // logMeIn should reset registering = false
                                         Cryptpad.removeLoadingScreen(function () {