--- a/mod_password_reset/mod_password_reset.lua Tue Oct 09 14:12:03 2018 +0100
+++ b/mod_password_reset/mod_password_reset.lua Tue Oct 09 14:12:45 2018 +0100
@@ -16,8 +16,9 @@
local serve = module:depends"http_files".serve;
-module:depends"adhoc";
-module:depends"http";
+module:depends("adhoc");
+module:depends("http");
+local password_policy = module:depends("password_policy");
local form_template = assert(module:load_resource("password_reset/password_reset.html")):read("*a");
local result_template = assert(module:load_resource("password_reset/password_result.html")):read("*a");
@@ -38,6 +39,7 @@
return apply_template(form_template, {
jid = reset_info.user.."@"..module.host;
token = token;
+ min_password_length = password_policy.get_policy().length;
});
end
@@ -54,6 +56,16 @@
return apply_template(result_template, { classes = "alert-danger", message = "This link has expired." })
end
+ local policy_ok, policy_err = password_policy.check_password(password);
+ if not policy_ok then
+ return apply_template(form_template, {
+ classes = "alert-danger", message = "Unsuitable password: "..policy_err;
+ jid = reset_info.user.."@"..module.host;
+ token = token;
+ min_password_length = password_policy.get_policy().length;
+ })
+ end
+
local ok, err = usermanager.set_password(reset_info.user, password, module.host);
if ok then