cedricbonhomme / newspipe

A web news aggregator.
https://www.newspipe.org
GNU Affero General Public License v3.0

Length control on admin password #64

Closed sfermigier closed 8 months ago

sfermigier commented 8 months ago

This can lead to trouble, e.g. if I run:

flask create_admin --nickname admin --password admin

then I can't log in.

The admin password is only 5 characters long, and the sign-in form has a constraint of 6 chars min.

from flask_babel import lazy_gettext
from wtforms import PasswordField, validators
# RedirectForm is newspipe's own base form class, imported from the project's forms module.

class SigninForm(RedirectForm):
    ...
    # The Length validator below is what rejects the 5-character admin password at sign-in.
    password = PasswordField(
        lazy_gettext("Password"),
        [
            validators.DataRequired(lazy_gettext("Please enter a password.")),
            validators.Length(min=6, max=500),
        ],
    )

If the constraint is relevant for a sign-in form (not sure it is), then it should also be enforced in flask create_admin. Or it should be dropped altogether.

cedricbonhomme commented 8 months ago

Indeed, I remember this issue... Maybe I could keep the check on the minimum size of the password only for the sign-up form, i.e. when a user wants to create an account (or update the password), and remove the size check for the sign-in form.

I like that it is possible to create "weak" passwords via the flask command. So I will keep it without a size check. Or a warning message (a bit like Django is doing).

I used to use a function in order to really check if a password is complex enough, not only checking its size. Maybe I should implement it again.
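The split the two comments converge on, as an added stand-alone example (not newspipe's code): the sign-in path only rejects empty or oversized input so an existing short password can still log in, the sign-up/password-change path hard-enforces the minimum plus a complexity check, and a simulated `create_admin` accepts any non-empty password but returns Django-style warnings. The function names, the `MAX_LEN`/`MIN_LEN` constants and the small list of common passwords are assumptions made for the example.

```python
"""Password-policy split for sign-in vs sign-up/CLI (example, not newspipe's code)."""
from __future__ import annotations
import re

MAX_LEN = 500  # upper bound taken from the original SigninForm
MIN_LEN = 6    # lower bound that only sign-up / password change should enforce


def signin_errors(password: str) -> list[str]:
    """Sign-in: reject only empty or absurdly long input. No minimum here, otherwise an
    account created with `flask create_admin --password admin` can never log in."""
    errors: list[str] = []
    if not password:
        errors.append("Please enter a password.")
    elif len(password) > MAX_LEN:
        errors.append(f"Password must be at most {MAX_LEN} characters.")
    return errors


def strength_warnings(password: str) -> list[str]:
    """Complexity checks beyond raw length (the kind of function the maintainer mentions).
    Returned as warnings so the CLI can print them without refusing the value."""
    warnings: list[str] = []
    if len(password) < MIN_LEN:
        warnings.append(f"shorter than {MIN_LEN} characters")
    if not re.search(r"[A-Za-z]", password) or not re.search(r"\d", password):
        warnings.append("does not mix letters and digits")
    if password.lower() in {"admin", "password", "123456"}:  # constructed sample list
        warnings.append("is a commonly used password")
    return warnings


def signup_errors(password: str) -> list[str]:
    """Sign-up / password change: the sign-in checks, then the strength rules as hard errors."""
    errors = signin_errors(password)
    return errors if errors else strength_warnings(password)


def create_admin(nickname: str, password: str) -> tuple[dict, list[str]]:
    """Simulated CLI: any non-empty password is accepted, but weaknesses are reported
    Django-style so the operator sees them. The dict stands in for the stored user."""
    errors = signin_errors(password)
    if errors:
        raise ValueError("; ".join(errors))
    user = {"nickname": nickname, "password": password}  # a real app stores a hash
    return user, strength_warnings(password)
```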