From aff1f6e788ecac099c152daa7b93cf3c3deb8ebc Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Fri, 16 Feb 2024 02:47:49 +0100
Subject: [PATCH] [backend/api] Reject signups with password length of under 8
 chars (ISH-1)

---
 Iceshrimp.Backend/Core/Services/UserService.cs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Iceshrimp.Backend/Core/Services/UserService.cs b/Iceshrimp.Backend/Core/Services/UserService.cs
index d8671ef3..58be2289 100644
--- a/Iceshrimp.Backend/Core/Services/UserService.cs
+++ b/Iceshrimp.Backend/Core/Services/UserService.cs
@@ -213,6 +213,8 @@ public class UserService(
 			throw new GracefulException(HttpStatusCode.BadRequest, "User already exists");
 		if (await db.UsedUsernames.AnyAsync(p => p.Username.ToLower() == username.ToLowerInvariant()))
 			throw new GracefulException(HttpStatusCode.BadRequest, "Username was already used");
+		if (password.Length < 8)
+			throw GracefulException.BadRequest("Password must be at least 8 characters long");
 
 		var keypair = RSA.Create(4096);
 		var user = new User {