fix(api): don't allow short passwords in setup

influxdata · Sep 18, 2020 · 77c4bba · 77c4bba
1 parent 6d7f079
commit 77c4bba
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/onboarding.go b/onboarding.go
@@ -2,6 +2,8 @@ package influxdb
 
 import "context"
 
+const minPasswordLength = 8
+
 // OnboardingService represents a service for the first run.
 type OnboardingService interface {
 	// IsOnboarding determine if onboarding request is allowed.
@@ -54,5 +56,12 @@ func (r *OnboardingRequest) Valid() error {
 			Msg:  "bucket name is empty",
 		}
 	}
+
+	if len(r.Password) < minPasswordLength {
+		return &Error{
+			Code: EInvalid,
+			Msg:  "password too short",
+		}
+	}
 	return nil
 }
diff --git a/tenant/http_client_onboarding.go b/tenant/http_client_onboarding.go
@@ -2,12 +2,15 @@ package tenant
 
 import (
 	"context"
+	"fmt"
 	"path"
 
 	"github.com/influxdata/influxdb/v2"
 	"github.com/influxdata/influxdb/v2/pkg/httpc"
 )
 
+const minPasswordLength = 8
+
 // OnboardClientService connects to Influx via HTTP to perform onboarding operations
 type OnboardClientService struct {
 	Client *httpc.Client
@@ -54,6 +57,10 @@ func (s *OnboardClientService) OnboardInitialUser(ctx context.Context, or *influ
 }
 
 func (s *OnboardClientService) OnboardUser(ctx context.Context, or *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) {
+	if len(or.Password) < minPasswordLength {
+		return nil, fmt.Errorf("password must be at least %d characters long", minPasswordLength)
+	}
+
 	res := &onboardingResponse{}
 
 	err := s.Client.