Added minimum password length requirement (even in GUI)

Author: aledipa

src/FreeGPT4_Server.py

@@ -520,6 +520,8 @@ def save_settings():
             confirm_password = request.form.get("confirm_password", "")
             if new_password != confirm_password:
                 raise ValidationError("Passwords do not match")
+            if len(new_password) < 8:
+                raise ValidationError("Password must be at least 8 characters long")
             settings_update["password"] = new_password
 
         # Handle private mode token
@@ -651,6 +653,8 @@ def save_user_settings(username):
             confirm_password = request.form.get("confirm_password", "")
             if new_password != confirm_password:
                 raise ValidationError("Passwords do not match")
+            if len(new_password) < 8:
+                raise ValidationError("Password must be at least 8 characters long")
             settings_update["password"] = new_password
 
         # Save user settings

src/database.py

@@ -288,8 +288,10 @@ def create_user(self, username: str, password: Optional[str] = None) -> str:
         # Validate password
         if password is None:
             password = username  # Default password
+            is_valid, error_msg = validate_password(password, 1)
+        else:
+            is_valid, error_msg = validate_password(password, config.security.password_min_length)
 
-        is_valid, error_msg = validate_password(password, config.security.password_min_length)
         if not is_valid:
             raise ValidationError(error_msg)
 

src/static/js/script.js

@@ -206,19 +206,76 @@ function checkAllProxies() {
   }
 }
 
-// Checks if new password and confirm password match
-function checkPasswordMatch() {
+// Validates password length (minimum 8 characters)
+function validatePasswordLength() {
   var newPassword = document.getElementById("new_password").value;
   var confirmPassword = document.getElementById("confirm_password").value;
-  if (newPassword == confirmPassword) {
-    if (newPassword.length > 0) {
-      replaceElement("error_password", "success_password");
-      return true;
+  
+  // Check if either password field is not empty and has less than 8 characters
+  if ((newPassword.length > 0 && newPassword.length < 8) || 
+      (confirmPassword.length > 0 && confirmPassword.length < 8)) {
+    showElement("error_password_length");
+    hideElement("error_password");
+    hideElement("success_password");
+    return false;
+  } else {
+    hideElement("error_password_length");
+    // Only validate match if both fields have valid length
+    if (newPassword.length >= 8 && confirmPassword.length >= 8) {
+      return validatePasswordMatch();
     }
+    return true;
+  }
+}
+
+// Checks if new password and confirm password match (internal function)
+function validatePasswordMatch() {
+  var newPassword = document.getElementById("new_password").value;
+  var confirmPassword = document.getElementById("confirm_password").value;
+  
+  if (newPassword == confirmPassword) {
+    hideElement("error_password");
+    hideElement("error_password_length");
+    showElement("success_password");
+    return true;
   } else {
-    replaceElement("success_password", "error_password");
+    hideElement("success_password");
+    hideElement("error_password_length");
+    showElement("error_password");
+    return false;
+  }
+}
+
+// Checks if new password and confirm password match (main function for compatibility)
+function checkPasswordMatch() {
+  var newPassword = document.getElementById("new_password").value;
+  var confirmPassword = document.getElementById("confirm_password").value;
+  
+  // Check length first
+  if ((newPassword.length > 0 && newPassword.length < 8) || 
+      (confirmPassword.length > 0 && confirmPassword.length < 8)) {
+    showElement("error_password_length");
+    hideElement("error_password");
+    hideElement("success_password");
+    return false;
+  }
+  
+  // Hide length error if length is valid
+  hideElement("error_password_length");
+  
+  // Check match if both passwords have content
+  if (newPassword.length > 0 && confirmPassword.length > 0) {
+    return validatePasswordMatch();
+  }
+  
+  // If passwords are empty, hide all messages
+  if (newPassword.length === 0 && confirmPassword.length === 0) {
+    hideElement("error_password");
+    hideElement("error_password_length");
+    hideElement("success_password");
   }
-  return false;
+  
+  return newPassword.length >= 8 && confirmPassword.length >= 8;
 }
 
 // Opens the update password form
@@ -232,6 +289,7 @@ function cancelPasswordUpdate() {
   hideElement("password_update");
   hideElement("success_password");
   hideElement("error_password");
+  hideElement("error_password_length");
   replaceElement("cancel_password_update", "open_password_update");
   document.getElementById("new_password").value = "";
   document.getElementById("confirm_password").value = "";
@@ -240,9 +298,10 @@ function cancelPasswordUpdate() {
 // Enables the save button if the password is correct
 function enableSaveButton() {
   var pass_length = document.getElementById("password").value.length;
-  // var isPasswordUpdateClosed = document.getElementById("password_update").hidden;
-  var isPasswordUpdateClosed = document.getElementById("password_update").classList.contains("hidden")
-  if ((checkPasswordMatch() || isPasswordUpdateClosed) && pass_length > 0) {
+  var isPasswordUpdateClosed = document.getElementById("password_update").classList.contains("hidden");
+  var isPasswordValid = isPasswordUpdateClosed || checkPasswordMatch();
+  
+  if (isPasswordValid && pass_length > 0) {
     replaceElement('save_label_dummy', 'save_label');
   } else {
     replaceElement('save_label', 'save_label_dummy');

src/templates/settings.html

@@ -202,12 +202,13 @@ <h3 class="title blue text-xl">Server</h3>
                     <b>Password:</b>
                     <div id="password_update" class="mt-4 hidden">
                         <p class="text-sm"> <b> Set Password </b></p>
-                        <input type="password" id="new_password" name="new_password" class="input outline-none py-1 px-2 rounded-lg inter" placeholder="Your new Password" onchange="enableSaveButton();" autocomplete="new-password"></input>
+                        <input type="password" id="new_password" name="new_password" class="input outline-none py-1 px-2 rounded-lg inter" placeholder="Your new Password" onchange="enableSaveButton();" oninput="validatePasswordLength();" autocomplete="new-password" minlength="8"></input>
                         <p class="text-sm mt-4"> <b> Confirm Password </b></p>
-                        <input type="password" id="confirm_password" name="confirm_password" class="input outline-none py-1 px-2 rounded-lg inter" placeholder="New Password Again" onchange="enableSaveButton();" autocomplete="new-password"></input>
+                        <input type="password" id="confirm_password" name="confirm_password" class="input outline-none py-1 px-2 rounded-lg inter" placeholder="New Password Again" onchange="enableSaveButton();" oninput="validatePasswordLength();" autocomplete="new-password" minlength="8"></input>
+                        <p id="error_password_length" class="text-sm label_red mt-1 hidden"> <b> Error: </b> Password must be at least 8 characters long </p>
                         <p id="error_password" class="text-sm label_red mt-1 hidden"> <b> Error: </b> Passwords do not match </p>
                         <p id="success_password" class="text-sm label_green mt-1 hidden"> 
-                            <b> Success: </b> Passwords match. <br> 
+                            <b> Success: </b> Passwords match and meet requirements. <br> 
                             <i> When entering the old password below to confirm, the password will be updated </i>
                         </p>
                     </div>