[PR #1378] [MERGED] Remove password length validation from login form #1284

New issue

Closed

opened 2026-02-27 09:11:37 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 09:11:37 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/lldap/lldap/pull/1378
Author: @Copilot
Created: 1/6/2026
Status: ✅ Merged
Merged: 1/6/2026
Merged by: @nitnelave

Base: main ← Head: copilot/remove-password-length-check

📝 Commits (2)

eba7997 Initial plan
002085b Remove password length check from login screen

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 app/src/components/login.rs (+1 -1)

📄 Description

Users migrating passwords via lldap_set_password --bypass-password-policy cannot login when their passwords are shorter than 8 characters, despite being valid in the backend.

Changes

Relaxed password validation in app/src/components/login.rs from 8 to 1 character minimum
Password change and reset flows retain 8-character minimum for security

 pub struct FormModel {
     #[validate(length(min = 1, message = "Missing username"))]
     username: String,
-    #[validate(length(min = 8, message = "Invalid password. Min length: 8"))]
+    #[validate(length(min = 1, message = "Missing password"))]
     password: String,
 }

This decouples authentication (which accepts any valid password) from password policy enforcement (which applies only when setting new passwords).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

esm.ubuntu.com

Triggering command: /usr/lib/apt/methods/https /usr/lib/apt/methods/https -Wl,-Bstatic /tmp/cargo-installE8W0yX/release/deps/libwasm_bindgen_cli-959290a744f5eff0.rlib /tmp/cargo-installE8W0yX/release/deps/libshlex-d9cdabc28e4bcb3e.rlib sm /tmp/cargo-installE8W0yX/release/deps/libwebpki_roots-3e04446edaf64261.rlib /tmp/cargo-installE8W0yX/release/deps/librustls-3d2eb846b8d9dc3a.rlib /tmp/cargo-installE8W0yX/release/deps/libsubtle-4d83e19c6a70fbb5.rlib /tmp/cargo-installE8W0yX/release/deps/libwebpki-462b1f9e30b495a4.rlib /tmp/cargo-installE8W0yX/release/deps/libring-32ff297d639cfaf8.rlib /tmp/cargo-installE8W0yX/release/deps/libuntrusted-079d8da535acf270.rlib /tmp/cargo-installE8W0yX/release/deps/librustls_pki_types-be6beebc650647ce.rlib f/ri /index.crates.io--error-format=json uild_script_buil--json=diagnostic-rendered-ansi,artifacts,future-incompat uild_script_buil--diagnostic-width=120 uild_script_builcc .rcgu.o -1949cf8c6b5b557/tmp/rustc8uHLYr/symbols.o lib/rustlib/x86_/tmp/cargo-installE8W0yX/release/deps/wasm_bindgen_test_REDACTED-ee15b030b03bc76a.wasm_bindgen_test_REDACTED.da63afa1bf5f4938-cgu.0.rcgu.o (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled

Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

This section details on the original issue you should resolve

<issue_title>[FEATURE REQUEST] Remove password length check from login screen</issue_title>
<issue_description>Motivation

I am using lldap_set_password --bypass-password-policy to migrate passwords from another system. Some of these passwords aren't 8 char long, and I need to maintain them. I'm fine with not being able to modify passwords so the current enforcement in the password change web UI is fine, but I don't see why the login screen should disallow short passwords, when they are correct.

Describe the solution you'd like

Remove the check for 8 chars in the login screen.
</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes lldap/lldap#1377

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/lldap/lldap/pull/1378 **Author:** [@Copilot](https://github.com/apps/copilot-swe-agent) **Created:** 1/6/2026 **Status:** ✅ Merged **Merged:** 1/6/2026 **Merged by:** [@nitnelave](https://github.com/nitnelave) **Base:** `main` ← **Head:** `copilot/remove-password-length-check` --- ### 📝 Commits (2) - [`eba7997`](https://github.com/lldap/lldap/commit/eba7997ca957bab2fc0188ef744ab261e6809167) Initial plan - [`002085b`](https://github.com/lldap/lldap/commit/002085ba6dc1d6da5f655c8786b49960a1c68e50) Remove password length check from login screen ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `app/src/components/login.rs` (+1 -1) </details> ### 📄 Description Users migrating passwords via `lldap_set_password --bypass-password-policy` cannot login when their passwords are shorter than 8 characters, despite being valid in the backend. ## Changes - Relaxed password validation in `app/src/components/login.rs` from 8 to 1 character minimum - Password change and reset flows retain 8-character minimum for security ```diff pub struct FormModel { #[validate(length(min = 1, message = "Missing username"))] username: String, - #[validate(length(min = 8, message = "Invalid password. Min length: 8"))] + #[validate(length(min = 1, message = "Missing password"))] password: String, } ``` This decouples authentication (which accepts any valid password) from password policy enforcement (which applies only when setting new passwords). > [!WARNING] > > <details> > <summary>Firewall rules blocked me from connecting to one or more addresses (expand for details)</summary> > > #### I tried to connect to the following addresses, but was blocked by firewall rules: > > - `esm.ubuntu.com` > - Triggering command: `/usr/lib/apt/methods/https /usr/lib/apt/methods/https -Wl,-Bstatic /tmp/cargo-installE8W0yX/release/deps/libwasm_bindgen_cli-959290a744f5eff0.rlib /tmp/cargo-installE8W0yX/release/deps/libshlex-d9cdabc28e4bcb3e.rlib sm /tmp/cargo-installE8W0yX/release/deps/libwebpki_roots-3e04446edaf64261.rlib /tmp/cargo-installE8W0yX/release/deps/librustls-3d2eb846b8d9dc3a.rlib /tmp/cargo-installE8W0yX/release/deps/libsubtle-4d83e19c6a70fbb5.rlib /tmp/cargo-installE8W0yX/release/deps/libwebpki-462b1f9e30b495a4.rlib /tmp/cargo-installE8W0yX/release/deps/libring-32ff297d639cfaf8.rlib /tmp/cargo-installE8W0yX/release/deps/libuntrusted-079d8da535acf270.rlib /tmp/cargo-installE8W0yX/release/deps/librustls_pki_types-be6beebc650647ce.rlib f/ri /index.crates.io--error-format=json uild_script_buil--json=diagnostic-rendered-ansi,artifacts,future-incompat uild_script_buil--diagnostic-width=120 uild_script_builcc .rcgu.o -1949cf8c6b5b557/tmp/rustc8uHLYr/symbols.o lib/rustlib/x86_/tmp/cargo-installE8W0yX/release/deps/wasm_bindgen_test_REDACTED-ee15b030b03bc76a.wasm_bindgen_test_REDACTED.da63afa1bf5f4938-cgu.0.rcgu.o` (dns block) > > If you need me to access, download, or install something from one of these locations, you can either: > > - Configure [Actions setup steps](https://gh.io/copilot/actions-setup-steps) to set up my environment, which run before the firewall is enabled > - Add the appropriate URLs or hosts to the custom allowlist in this repository's [Copilot coding agent settings](https://github.com/lldap/lldap/settings/copilot/coding_agent) (admins only) > > </details>  <details> <summary>Original prompt</summary> > > ---- > > *This section details on the original issue you should resolve* > > <issue_title>[FEATURE REQUEST] Remove password length check from login screen</issue_title> > <issue_description>**Motivation** > > I am using `lldap_set_password --bypass-password-policy` to migrate passwords from another system. Some of these passwords aren't 8 char long, and I need to maintain them. I'm fine with not being able to modify passwords so the current enforcement in the password change web UI is fine, but I don't see why the login screen should disallow short passwords, when they are correct. > > **Describe the solution you'd like** > > Remove the check for 8 chars in the login screen. > </issue_description> > > ## Comments on the Issue (you are @copilot in this section) > > <comments> > </comments> > </details>  - Fixes lldap/lldap#1377  --- 💬 We'd love your input! Share your thoughts on Copilot coding agent in our [2 minute survey](https://gh.io/copilot-coding-agent-survey). --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>