From af22ea8d189dbb063f32e61201a6d9de4a52f657 Mon Sep 17 00:00:00 2001
From: Philippe Pittoli <karchnu@karchnu.fr>
Date: Mon, 12 Jun 2023 01:55:06 +0200
Subject: [PATCH] Register: require at least 20-byte passwords.

---
 src/requests/register.cr | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/requests/register.cr b/src/requests/register.cr
index 10ae01d..ca162b6 100644
--- a/src/requests/register.cr
+++ b/src/requests/register.cr
@@ -34,8 +34,8 @@ class AuthD::Request
 			end
 
 			# In this case we should not accept its registration.
-			if @password.size < 4
-				return Response::Error.new "password too short"
+			if @password.size < 20
+				return Response::Error.new "password too short (< 20 characters)"
 			end
 
 			uid = authd.new_uid