Bug: User's password validation rules mismatch across application #1835

New Issue

OVERLORD · 2026-02-05T02:01:02+03:00

OVERLORD commented

2026-02-05 02:01:02 +03:00

Originally created by @jakubboucek on GitHub (Aug 31, 2020).

Describe the bug
Password validation rules is mismatch across application.

Mismatch explain

`CreateAdmin` – 5 characters rule

In \BookStack\Console\Commands\CreateAdmin::handle() is validation rule for password only 5 chars length:
13c0386e84/app/Console/Commands/CreateAdmin.php (L72-L74)

`RegisterController` – 8 characters rule

In \BookStack\Http\Controllers\Auth\RegisterController::validator() is validation rule for password only 5 chars length:
e15fcf5b50/app/Http/Controllers/Auth/RegisterController.php (L62-L69)

l10n – 5, 6, 7, 8 characters rule description

Reqiurements for password is mismatched between languages in l10ns files.

Expected behavior
I expect keep requirements for same entity's property same across whole application.

Better way can be extract password validation to one helper.

Don't worry be happy
I am offering to help you with reunite it by Pull Request, just help me confirm the 8 character length is currently valid length for Users passwords in application.

Originally created by @jakubboucek on GitHub (Aug 31, 2020). **Describe the bug** Password validation rules is mismatch across application. **Mismatch explain** ## `CreateAdmin` – 5 characters rule In `\BookStack\Console\Commands\CreateAdmin::handle()` is validation rule for password only 5 chars length: https://github.com/BookStackApp/BookStack/blob/13c0386e84ac1e26cf0db44024a3c0e8de40b5e0/app/Console/Commands/CreateAdmin.php#L72-L74 ## `RegisterController` – 8 characters rule In `\BookStack\Http\Controllers\Auth\RegisterController::validator()` is validation rule for password only 5 chars length: https://github.com/BookStackApp/BookStack/blob/e15fcf5b50e1831a90a04ded09f24e0c7b31d02e/app/Http/Controllers/Auth/RegisterController.php#L62-L69 ## l10n – 5, 6, 7, 8 characters rule description Reqiurements for password is mismatched between languages in l10ns files. ![Search accross l10n files](https://cdn.jakub-boucek.cz/screenshot/200831-9nreq.png) **Expected behavior** I expect keep requirements for same entity's property same across whole application. Better way can be extract password validation to one helper. **Don't worry be happy** I am offering to help you with reunite it by Pull Request, just help me confirm the 8 character length is currently valid length for Users passwords in application.

OVERLORD added the 🐛 Bug 🏭 Back-End labels 2026-02-05 02:01:02 +03:00

OVERLORD closed this issue

2026-02-05 02:01:06 +03:00

OVERLORD commented

2026-02-05 02:01:09 +03:00

@ssddanbrown commented on GitHub (Sep 5, 2020):

Hi @jakubboucek,
Thanks for offering a pull request.

Yeah, 8 characters if currently the valid length.

@ssddanbrown commented on GitHub (Sep 5, 2020): Hi @jakubboucek, Thanks for offering a pull request. Yeah, 8 characters if currently the valid length.

OVERLORD commented

2026-02-05 02:01:13 +03:00

@ssddanbrown commented on GitHub (Dec 18, 2021):

Thanks again for reporting @jakubboucek,
This has been addressed in bb9cd9d610 to be part of the next feature release.

@ssddanbrown commented on GitHub (Dec 18, 2021): Thanks again for reporting @jakubboucek, This has been addressed in bb9cd9d61093ea0b541f354fdd03c97aab1fd954 to be part of the next feature release.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#1835

Bug: User's password validation rules mismatch across application #1835

CreateAdmin – 5 characters rule

RegisterController – 8 characters rule

l10n – 5, 6, 7, 8 characters rule description

`CreateAdmin` – 5 characters rule

`RegisterController` – 8 characters rule