Revert "Update password minimum/generated lengths to NTIS 2025 security guidelines"

opengeek · opengeek · commit 618ffaf42f41 · 2025-06-30T14:07:58.000-06:00
This reverts commit 95c9d63.
diff --git a/core/src/Revolution/Processors/Security/Profile/ChangePassword.php b/core/src/Revolution/Processors/Security/Profile/ChangePassword.php
@@ -50,7 +50,7 @@ public function process()
 
         $password = $this->getProperty('password_new');
         if (!$this->getProperty('password_method_screen')) {
-            $length = (integer)$this->modx->getOption('password_min_length', null, 12);
+            $length = (integer)$this->modx->getOption('password_min_length', null, 8);
             $password = str_repeat('*', mt_rand($length, strlen($this->getProperty('password_new')) * 2));
         }
 
@@ -68,7 +68,7 @@ public function validate()
             $this->addFieldError('password_old', $this->modx->lexicon('user_err_password_invalid_old'));
         }
 
-        if (empty($newPassword) || strlen($newPassword) < $this->modx->getOption('password_min_length', null, 12)) {
+        if (empty($newPassword) || strlen($newPassword) < $this->modx->getOption('password_min_length', null, 8)) {
             $this->addFieldError('password_new', $this->modx->lexicon('user_err_password_too_short'));
         } else {
             if (!preg_match('/^[^\'\x3c\x3e\(\);\x22\x7b\x7d\x2f\x5c]+$/', $newPassword)) {
diff --git a/core/src/Revolution/Processors/Security/Profile/Update.php b/core/src/Revolution/Processors/Security/Profile/Update.php
@@ -117,7 +117,7 @@ public function validate()
             if (!$this->modx->user->passwordMatches($oldPassword)) {
                 $this->addFieldError('password_old', $this->modx->lexicon('user_err_password_invalid_old'));
             }
-            if (empty($newPassword) || strlen($newPassword) < $this->modx->getOption('password_min_length', null, 12)) {
+            if (empty($newPassword) || strlen($newPassword) < $this->modx->getOption('password_min_length', null, 8)) {
                 $this->addFieldError('password_new', $this->modx->lexicon('user_err_password_too_short'));
             } elseif (!preg_match('/^[^\'\x3c\x3e\(\);\x22\x7b\x7d\x2f\x5c]+$/', $newPassword)) {
                 $this->addFieldError('password_new', $this->modx->lexicon('user_err_password_invalid'));
diff --git a/core/src/Revolution/Processors/Security/User/Validation.php b/core/src/Revolution/Processors/Security/User/Validation.php
@@ -101,7 +101,7 @@ public function checkPassword()
                     $this->processor->addFieldError('specifiedpassword', $this->modx->lexicon('user_err_not_specified_password'));
                 } elseif ($specifiedPassword != $confirmPassword) {
                     $this->processor->addFieldError('confirmpassword', $this->modx->lexicon('user_err_password_no_match'));
-                } elseif (strlen($specifiedPassword) < $this->modx->getOption('password_min_length', null, 12, true)) {
+                } elseif (strlen($specifiedPassword) < $this->modx->getOption('password_min_length', null, 8, true)) {
                     $this->processor->addFieldError('specifiedpassword', $this->modx->lexicon('user_err_password_too_short'));
                 } elseif (!preg_match('/^[^\'\x3c\x3e\(\);\x22\x7b\x7d\x2f\x5c]+$/', $specifiedPassword)) {
                     $this->processor->addFieldError('specifiedpassword', $this->modx->lexicon('user_err_password_invalid'));
diff --git a/core/src/Revolution/modUser.php b/core/src/Revolution/modUser.php
@@ -897,10 +897,10 @@ public function removeLocks(array $options = [])
     public function generatePassword($length = null, array $options = [])
     {
         if ($length === null) {
-            $length = (int)$this->xpdo->getOption('password_generated_length', null, 16, true);
+            $length = (int)$this->xpdo->getOption('password_generated_length', null, 10, true);
         }
 
-        $passwordMinimumLength = (int)$this->xpdo->getOption('password_min_length', null, 12, true);
+        $passwordMinimumLength = (int)$this->xpdo->getOption('password_min_length', null, 8, true);
         if ($length < $passwordMinimumLength) {
             $length = $passwordMinimumLength;
         }

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ public function process()`
`50`	`50`
`51`	`51`	`$password = $this->getProperty('password_new');`
`52`	`52`	`if (!$this->getProperty('password_method_screen')) {`
`53`		`- $length = (integer)$this->modx->getOption('password_min_length', null, 12);`
	`53`	`+ $length = (integer)$this->modx->getOption('password_min_length', null, 8);`
`54`	`54`	`$password = str_repeat('', mt_rand($length, strlen($this->getProperty('password_new')) 2));`
`55`	`55`	`}`
`56`	`56`
`@@ -68,7 +68,7 @@ public function validate()`
`68`	`68`	`$this->addFieldError('password_old', $this->modx->lexicon('user_err_password_invalid_old'));`
`69`	`69`	`}`
`70`	`70`
`71`		`- if (empty($newPassword) \|\| strlen($newPassword) < $this->modx->getOption('password_min_length', null, 12)) {`
	`71`	`+ if (empty($newPassword) \|\| strlen($newPassword) < $this->modx->getOption('password_min_length', null, 8)) {`
`72`	`72`	`$this->addFieldError('password_new', $this->modx->lexicon('user_err_password_too_short'));`
`73`	`73`	`} else {`
`74`	`74`	`if (!preg_match('/^[^\'\x3c\x3e\(\);\x22\x7b\x7d\x2f\x5c]+$/', $newPassword)) {`
Original file line number	Diff line number	Diff line change
`@@ -117,7 +117,7 @@ public function validate()`
`117`	`117`	`if (!$this->modx->user->passwordMatches($oldPassword)) {`
`118`	`118`	`$this->addFieldError('password_old', $this->modx->lexicon('user_err_password_invalid_old'));`
`119`	`119`	`}`
`120`		`- if (empty($newPassword) \|\| strlen($newPassword) < $this->modx->getOption('password_min_length', null, 12)) {`
	`120`	`+ if (empty($newPassword) \|\| strlen($newPassword) < $this->modx->getOption('password_min_length', null, 8)) {`
`121`	`121`	`$this->addFieldError('password_new', $this->modx->lexicon('user_err_password_too_short'));`
`122`	`122`	`} elseif (!preg_match('/^[^\'\x3c\x3e\(\);\x22\x7b\x7d\x2f\x5c]+$/', $newPassword)) {`
`123`	`123`	`$this->addFieldError('password_new', $this->modx->lexicon('user_err_password_invalid'));`
Original file line number	Diff line number	Diff line change
`@@ -897,10 +897,10 @@ public function removeLocks(array $options = [])`
`897`	`897`	`public function generatePassword($length = null, array $options = [])`
`898`	`898`	`{`
`899`	`899`	`if ($length === null) {`
`900`		`- $length = (int)$this->xpdo->getOption('password_generated_length', null, 16, true);`
	`900`	`+ $length = (int)$this->xpdo->getOption('password_generated_length', null, 10, true);`
`901`	`901`	`}`
`902`	`902`
`903`		`- $passwordMinimumLength = (int)$this->xpdo->getOption('password_min_length', null, 12, true);`
	`903`	`+ $passwordMinimumLength = (int)$this->xpdo->getOption('password_min_length', null, 8, true);`
`904`	`904`	`if ($length < $passwordMinimumLength) {`
`905`	`905`	`$length = $passwordMinimumLength;`
`906`	`906`	`}`