statamic · jasonvarga · Jun 16, 2021 · Jun 10, 2021 · Jun 10, 2021 · Jun 11, 2021
diff --git a/src/Auth/Passwords/PasswordDefaults.php b/src/Auth/Passwords/PasswordDefaults.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace Statamic\Auth\Passwords;
+
+use Illuminate\Validation\Rules\Password;
+
+class PasswordDefaults
+{
+    /**
+     * @return Password|string
+     */
+    public static function rules()
+    {
+        if (version_compare(app()->version(), '8.43.0', '<')) {
+            // Return the old password rules
+            return 'min:8';
+        }
+
+        return Password::default();
+    }
+}
diff --git a/src/Auth/ResetsPasswords.php b/src/Auth/ResetsPasswords.php
@@ -10,6 +10,7 @@
 use Illuminate\Support\Facades\Password;
 use Illuminate\Support\Str;
 use Illuminate\Validation\ValidationException;
+use Statamic\Auth\Passwords\PasswordDefaults;
 
 /**
  * A copy of Illuminate\Auth\ResetsPasswords.
@@ -74,8 +75,8 @@ protected function rules()
     {
         return [
             'token' => 'required',
-            'email' => 'required|email',
-            'password' => 'required|confirmed|min:8',
+            'email' => ['required', 'email'],
+            'password' => ['required', 'confirmed', PasswordDefaults::rules()],
         ];
     }
 

diff --git a/src/Console/Commands/MakeUser.php b/src/Console/Commands/MakeUser.php
@@ -3,6 +3,7 @@
 namespace Statamic\Console\Commands;
 
 use Illuminate\Console\Command;
+use Statamic\Auth\Passwords\PasswordDefaults;
 use Statamic\Console\RunsInPlease;
 use Statamic\Console\ValidatesInput;
 use Statamic\Facades\User;
@@ -121,6 +122,10 @@ protected function promptPassword()
     {
         $this->data['password'] = $this->secret('Password (Your input will be hidden)');
 
+        if ($this->passwordValidationFails()) {
+            return $this->promptPassword();
+        }
+
         return $this;
     }
 
@@ -164,6 +169,19 @@ protected function emailValidationFails()
         return $this->validationFails($this->email, ['required', new EmailAvailable, 'email']);
     }
 
+    /**
+     * Check if password validation fails.
+     *
+     * @return bool
+     */
+    protected function passwordValidationFails()
+    {
+        return $this->validationFails(
+            $this->data['password'],
+            ['required', PasswordDefaults::rules()],
+        );
+    }
+
     /**
      * Check if the user fieldset contains separate first_name and last_name fields.
      * Note: Though this isn't true by default, it's a common modification, and/or

diff --git a/src/Http/Controllers/CP/Users/PasswordController.php b/src/Http/Controllers/CP/Users/PasswordController.php
@@ -3,6 +3,7 @@
 namespace Statamic\Http\Controllers\CP\Users;
 
 use Illuminate\Http\Request;
+use Statamic\Auth\Passwords\PasswordDefaults;
 use Statamic\Exceptions\NotFoundHttpException;
 use Statamic\Facades\User;
 use Statamic\Http\Controllers\CP\CpController;
@@ -16,7 +17,7 @@ public function update(Request $request, $user)
         $this->authorize('editPassword', $user);
 
         $request->validate([
-            'password' => 'required|confirmed',
+            'password' => ['required', 'confirmed', PasswordDefaults::rules()],
         ]);
 
         $user->password($request->password)->save();

diff --git a/src/Http/Controllers/UserController.php b/src/Http/Controllers/UserController.php
@@ -6,6 +6,7 @@
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\ValidationException;
+use Statamic\Auth\Passwords\PasswordDefaults;
 use Statamic\Events\UserRegistered;
 use Statamic\Events\UserRegistering;
 use Statamic\Exceptions\SilentFormFailureException;
@@ -48,8 +49,8 @@ public function register(Request $request)
         $fields = $blueprint->fields()->addValues($request->all());
 
         $fieldRules = $fields->validator()->withRules([
-            'email' => 'required|email|unique_user_value',
-            'password' => 'required|confirmed',
+            'email' => ['required', 'email', 'unique_user_value'],
+            'password' => ['required', 'confirmed', PasswordDefaults::rules()],
         ])->rules();
 
         $validator = Validator::make($request->all(), $fieldRules);

diff --git a/tests/Tags/User/RegisterFormTest.php b/tests/Tags/User/RegisterFormTest.php
@@ -210,8 +210,8 @@ public function it_will_register_user_and_render_success()
         $this
             ->post('/!/auth/register', [
                 'email' => 'san@holo.com',
-                'password' => 'chewy',
-                'password_confirmation' => 'chewy',
+                'password' => 'chewbacca',
+                'password_confirmation' => 'chewbacca',
             ])
             ->assertSessionHasNoErrors()
             ->assertLocation('/');
@@ -251,8 +251,8 @@ public function it_will_register_user_and_follow_custom_redirect_with_success()
         $this
             ->post('/!/auth/register', [
                 'email' => 'san@holo.com',
-                'password' => 'chewy',
-                'password_confirmation' => 'chewy',
+                'password' => 'chewbacca',
+                'password_confirmation' => 'chewbacca',
                 '_redirect' => '/registration-successful',
             ])
             ->assertSessionHasNoErrors()