Closed sfermigier closed 9 months ago
Indeed, I remember this issue... Maybe I could keep the check on the minimum size of the password only for the sign-up form. When a user wants to create an account (or update the password). And remove the size check for the sign-in form.
I like that it is possible to create "weak" password via the flask command. So I will keep it without size check. Or a warning message (a bit like Django is doing).
I used to use a function in order to really check if a password is complex enough, not only checking its size. Maybe I should implement it again.
This can lead to trouble, e.g. if I run:
then I can't log-in.
The admin password is only 5 characters long, and the signin for has a constraint on 6 chars min.
If the constraint is relevant for a sign-in form (not sure it is), then it should also be enforced in
flask create_admin
. Or it should be dropped altogether.