Require that passwords are at least 10 characters long

chatmaild/src/chatmaild/dictproxy.py

@@ -21,15 +21,27 @@ def encrypt_password(password: str):
     return "{SHA512-CRYPT}" + passhash
 
 
-def create_user(db, user, password):
+def check_password(password) -> bool:
+    """Check password policy"""
+    if len(password) < 10:
+        return False
+    return True
+
+
+def create_user(db, user, encrypted_password):
     if os.path.exists(NOCREATE_FILE):
         logging.warning(
             f"Didn't create account: {NOCREATE_FILE} exists. Delete the file to enable account creation."
         )
         return
     with db.write_transaction() as conn:
-        conn.create_user(user, password)
-    return dict(home=f"/home/vmail/{user}", uid="vmail", gid="vmail", password=password)
+        conn.create_user(user, encrypted_password)
+    return dict(
+        home=f"/home/vmail/{user}",
+        uid="vmail",
+        gid="vmail",
+        password=encrypted_password,
+    )
 
 
 def get_user_data(db, user):
@@ -48,6 +60,9 @@ def lookup_userdb(db, user):
 def lookup_passdb(db, user, password):
     userdata = get_user_data(db, user)
     if not userdata:
+        if not check_password(password):
+            logging.warning("Attempt to create an account with a weak password.")
+            return
         return create_user(db, user, encrypt_password(password))
     userdata["password"] = userdata["password"].strip()
     return userdata