From a4fb83e38e59a96ad6cf85a9f3659d2f065358f9 Mon Sep 17 00:00:00 2001
From: Jakob Ackermann <jakob.ackermann@overleaf.com>
Date: Wed, 6 Oct 2021 13:24:41 +0200
Subject: [PATCH] Merge pull request #5359 from
 overleaf/jpa-web-passwordStrengthOptions

[web] add defaults for passwordStrengthOptions into the server-ce config

GitOrigin-RevId: 69f4aec55219cd349fed861c766c135481b2bfea
---
 services/web/config/settings.defaults.js | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/services/web/config/settings.defaults.js b/services/web/config/settings.defaults.js
index 7c1e29fa5b..43cf816139 100644
--- a/services/web/config/settings.defaults.js
+++ b/services/web/config/settings.defaults.js
@@ -418,11 +418,13 @@ module.exports = {
   // -----------
   // These restrict the passwords users can use when registering
   // opts are from http://antelle.github.io/passfield
-  // passwordStrengthOptions:
-  // 	pattern: "aA$3"
-  // 	length:
-  // 		min: 6
-  // 		max: 128
+  passwordStrengthOptions: {
+    length: {
+      min: 6,
+      // Bcrypt does not support longer passwords than that.
+      max: 72,
+    },
+  },
 
   // Email support
   // -------------