From 1b2ced47f84fea02b390a25a1ca64a85ab8f51e1 Mon Sep 17 00:00:00 2001
From: sawadashota
Date: Tue, 30 Nov 2021 16:50:40 +0900
Subject: [PATCH 1/6] chore: Add failed test for 6 chars password

Signed-off-by: sawadashota
---
 selfservice/strategy/password/validator_test.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/selfservice/strategy/password/validator_test.go b/selfservice/strategy/password/validator_test.go
index 0bd984681b6c..ad7f1ce90c8c 100644
--- a/selfservice/strategy/password/validator_test.go
+++ b/selfservice/strategy/password/validator_test.go
@@ -13,7 +13,6 @@ import (
  "time"
 
  "github.com/ory/x/httpx"
-
  "github.com/stretchr/testify/require"
 
  "github.com/ory/kratos/driver/config"
@@ -42,6 +41,7 @@ func TestDefaultPasswordValidationStrategy(t *testing.T) {
  {pw: "password", pass: false},
  {pw: "1234567890", pass: false},
  {pw: "qwertyui", pass: false},
+ {pw: "l3f9to", pass: false},
  {pw: "l3f9toh1uaf81n21", pass: true},
  {pw: "l3f9toh1uaf81n21", id: "l3f9toh1uaf81n21", pass: false},
  {pw: "l3f9toh1", pass: true},
@@ -63,7 +63,6 @@ func TestDefaultPasswordValidationStrategy(t *testing.T) {
  {id: "asdflasdflasdf", pw: "asdflasdflpiuhefnciluaksdzuföfhg", pass: true},
  } {
  t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
- t.Parallel()
  err := s.Validate(context.Background(), tc.id, tc.pw)
  if tc.pass {
  require.NoError(t, err, "err: %+v, id: %s, pw: %s", err, tc.id, tc.pw)

From f48c2540879b11dbfff05298a62c03cab28b088f Mon Sep 17 00:00:00 2001
From: sawadashota
Date: Tue, 30 Nov 2021 16:57:19 +0900
Subject: [PATCH 2/6] fix: Require minimum length of 8 characters password

Signed-off-by: sawadashota
---
 selfservice/strategy/password/validator.go | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/selfservice/strategy/password/validator.go b/selfservice/strategy/password/validator.go
index 570cec7e485f..5d513d79b112 100644
--- a/selfservice/strategy/password/validator.go
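Review bot: The new failing case `{pw: "l3f9to", pass: false}` is two characters short of the limit, so nothing in the table pins the boundary itself; `{pw: "l3f9toh1", pass: true}` already covers the eight-character side, so add `{pw: "l3f9toh", pass: false},` next to the new line to catch a later off-by-one in the comparison. A short non-ASCII password is also worth a row, since the check in validator.go compares `len(password)`, which is bytes, so a six-character multi-byte value is longer than eight bytes and would not be rejected on length (whether the breach lookup then rejects it is not visible here). The enclosing TestDefaultPasswordValidationStrategy starts before this hunk.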
+++ b/selfservice/strategy/password/validator.go
@@ -3,11 +3,6 @@ package password
  import (
  "bufio"
  "context"
- "time"
-
- "github.com/hashicorp/go-retryablehttp"
-
- "github.com/ory/kratos/driver/config"
 
  /* #nosec G505 sha1 is used for k-anonymity */
  "crypto/sha1"
@@ -16,15 +11,16 @@ import (
  "strconv"
  "strings"
  "sync"
+ "time"
 
  "github.com/arbovm/levenshtein"
-
+ "github.com/hashicorp/go-retryablehttp"
+ "github.com/ory/herodot"
  "github.com/ory/x/httpx"
-
+ "github.com/ory/x/stringsx"
  "github.com/pkg/errors"
 
- "github.com/ory/herodot"
- "github.com/ory/x/stringsx"
+ "github.com/ory/kratos/driver/config"
  )
 
  // Validator implements a validation strategy for passwords. One example is that the password
@@ -145,8 +141,8 @@ func (s *DefaultPasswordValidator) fetch(hpw []byte, apiDNSName string) error {
  }
 
  func (s *DefaultPasswordValidator) Validate(ctx context.Context, identifier, password string) error {
- if len(password) < 6 {
- return errors.Errorf("password length must be at least 6 characters but only got %d", len(password))
+ if len(password) < 8 {
+ return errors.Errorf("password length must be at least 8 characters but only got %d", len(password))
  }
 
  compIdentifier, compPassword := strings.ToLower(identifier), strings.ToLower(password)

From 80b1725af1becffdac0a6257a93823b8fb8170dd Mon Sep 17 00:00:00 2001
From: sawadashota
Date: Tue, 30 Nov 2021 20:43:25 +0900
Subject: [PATCH 3/6] fix: Keep parallel at password validator

Signed-off-by: sawadashota
---
 selfservice/strategy/password/validator_test.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/selfservice/strategy/password/validator_test.go b/selfservice/strategy/password/validator_test.go
index ad7f1ce90c8c..2aea5ae53be8 100644
--- a/selfservice/strategy/password/validator_test.go
+++ b/selfservice/strategy/password/validator_test.go
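Review bot: `len(password) < 8` measures UTF-8 bytes while the message it returns, and the eight-character minimum it is meant to enforce, talk about characters: a three-character CJK password is nine bytes and passes this guard, and the `%d` it reports is a byte count. Count runes instead and keep the limit in one place so the check and the message cannot drift: `const minPasswordLength = 8`, then `if n := utf8.RuneCountInString(password); n < minPasswordLength {` and `return errors.Errorf("password length must be at least %d characters but only got %d", minPasswordLength, n)`; this needs `unicode/utf8` in the import block above. The body of Validate continues past this hunk.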
@@ -63,11 +63,14 @@ func TestDefaultPasswordValidationStrategy(t *testing.T) {
  {id: "asdflasdflasdf", pw: "asdflasdflpiuhefnciluaksdzuföfhg", pass: true},
  } {
  t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
- err := s.Validate(context.Background(), tc.id, tc.pw)
- if tc.pass {
- require.NoError(t, err, "err: %+v, id: %s, pw: %s", err, tc.id, tc.pw)
+ c := tc
+ t.Parallel()
+
+ err := s.Validate(context.Background(), c.id, c.pw)
+ if c.pass {
+ require.NoError(t, err, "err: %+v, id: %s, pw: %s", err, c.id, c.pw)
  } else {
- require.Error(t, err, "id: %s, pw: %s", tc.id, tc.pw)
+ require.Error(t, err, "id: %s, pw: %s", c.id, c.pw)
  }
  })
  }

From d884fed0e60952e210d7269fe9fdafc652bc2b21 Mon Sep 17 00:00:00 2001
From: sawadashota
Date: Tue, 30 Nov 2021 21:06:29 +0900
Subject: [PATCH 4/6] fix: Failed tests

---
 .../profiles/email/registration/errors.spec.ts | 8 ++++----
 .../integration/profiles/email/settings/errors.spec.ts | 4 ++--
 test/e2e/cypress/integration/profiles/mfa/totp.spec.ts | 2 +-
 .../profiles/mobile/registration/errors.spec.ts | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts
index 6a6b24252c10..5be1bac5aafb 100644
--- a/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts
@@ -36,8 +36,8 @@ describe('Registration failures with email profile', () => {
  .type(identity)
  .should('have.value', identity)
  cy.get('input[name="password"]')
- .type('123456')
- .should('have.value', '123456')
+ .type('12345678')
+ .should('have.value', '12345678')
  cy.shouldHaveCsrfError({ app })
  })
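Review bot: `c := tc` works only because t.Run executes the subtest function synchronously until it calls `t.Parallel()`, so the copy is taken before the range loop moves on; nothing in the hunk says so, and a reader used to the `tc := tc` idiom will read a copy inside the closure as a mistake. Either move the shadow into the loop body before `t.Run` (`tc := tc`) and drop `c`, or keep it and comment it: `// copy before t.Parallel: tc is reused by the range loop once the parent continues`. TestDefaultPasswordValidationStrategy starts outside this hunk.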
@@ -56,8 +56,8 @@ describe('Registration failures with email profile', () => {
  .type(identity)
  .should('have.value', identity)
  cy.get('input[name="password"]')
- .type('123456')
- .should('have.value', '123456')
+ .type('12345678')
+ .should('have.value', '12345678')
  cy.submitPasswordForm()
  cy.get('*[data-testid^="ui/message"]').should(
diff --git a/test/e2e/cypress/integration/profiles/email/settings/errors.spec.ts b/test/e2e/cypress/integration/profiles/email/settings/errors.spec.ts
index ea1e7d0ef528..612a5d139606 100644
--- a/test/e2e/cypress/integration/profiles/email/settings/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/email/settings/errors.spec.ts
@@ -149,7 +149,7 @@ context('Settings failures with email profile', () => {
  })
 
  it('fails if password policy is violated', () => {
- cy.get('input[name="password"]').clear().type('123456')
+ cy.get('input[name="password"]').clear().type('12345678')
  cy.get('button[value="password"]').click()
  cy.get('*[data-testid^="ui/message"]').should(
  'contain.text',
@@ -282,7 +282,7 @@ context('Settings failures with email profile', () => {
  describe('global errors', () => {
  it('fails when CSRF is incorrect', () => {
- cy.get(appPrefix(app) + 'input[name="password"]').type('123456')
+ cy.get(appPrefix(app) + 'input[name="password"]').type('12345678')
  cy.shouldHaveCsrfError({ app })
  })
diff --git a/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts b/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
index 9f0144223dd3..0066cf23411e 100644
--- a/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
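Review bot: With the minimum raised to eight, `'12345678'` in 'fails if password policy is violated' no longer breaks the length rule, so that test now passes only if the breached-password lookup rejects the value; if that lookup is disabled or unreachable in the e2e profile, the test stops covering any policy at all. Keep one value below the new minimum, e.g. `.type('1234567')`, or add a second step with such a value, so the length rule is exercised end to end. The message the assertion checks is cut off after `'contain.text',`, so which rule it expects is inferred here.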
@@ -222,7 +222,7 @@ context('2FA lookup secrets', () => {
  it('should fail to set up totp if verify code is wrong', () => {
  cy.visit(settings)
- cy.get('input[name="totp_code"]').type('123456')
+ cy.get('input[name="totp_code"]').type('12345678')
  cy.get('*[name="method"][value="totp"]').click()
  cy.get('[data-testid="ui/message/4000008"]').should(
  'contain.text',
diff --git a/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts
index 5080cc8a6570..c5e3d04cd93d 100644
--- a/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts
+++ b/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts
@@ -16,7 +16,7 @@ context('Mobile Profile', () => {
  describe('show errors when invalid signup data is used', () => {
  it('should show an error when the password has leaked before', () => {
  cy.get('input[data-testid="traits.email"]').type(email)
- cy.get('input[data-testid="password"]').type('123456')
+ cy.get('input[data-testid="password"]').type('12345678')
  cy.get('input[data-testid="traits.website"]').type(website)
  cy.get('div[data-testid="submit-form"]').click()

From 8a209cb82077cfbf6237fcc7653a954811a4fa84 Mon Sep 17 00:00:00 2001
From: zepatrik
Date: Mon, 6 Dec 2021 12:50:20 +0100
Subject: [PATCH 5/6] chore: format

---
 selfservice/strategy/password/validator.go | 3 ++-
 selfservice/strategy/password/validator_test.go | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/selfservice/strategy/password/validator.go b/selfservice/strategy/password/validator.go
index 5d513d79b112..f853cc967357 100644
--- a/selfservice/strategy/password/validator.go
+++ b/selfservice/strategy/password/validator.go
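Review bot: `totp_code` takes a TOTP verification code, not a password, so changing `'123456'` to `'12345678'` in 'should fail to set up totp if verify code is wrong' reads as a mechanical search-and-replace for the password change; an eight-digit value may be rejected as malformed before it is ever verified, which would leave the test passing for a different reason than its name claims. Revert this line to `.type('123456')` (well-formed but wrong), or use another six-digit code if the intent was to avoid reusing a password fixture. The mobile registration hunk below it is a genuine password value and is fine.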
@@ -15,10 +15,11 @@ import (
 
  "github.com/arbovm/levenshtein"
  "github.com/hashicorp/go-retryablehttp"
+ "github.com/pkg/errors"
+
  "github.com/ory/herodot"
  "github.com/ory/x/httpx"
  "github.com/ory/x/stringsx"
- "github.com/pkg/errors"
 
  "github.com/ory/kratos/driver/config"
  )
diff --git a/selfservice/strategy/password/validator_test.go b/selfservice/strategy/password/validator_test.go
index 2aea5ae53be8..a628591e4892 100644
--- a/selfservice/strategy/password/validator_test.go
+++ b/selfservice/strategy/password/validator_test.go
@@ -12,9 +12,10 @@ import (
  "testing"
  "time"
 
- "github.com/ory/x/httpx"
  "github.com/stretchr/testify/require"
 
+ "github.com/ory/x/httpx"
+
  "github.com/ory/kratos/driver/config"
  "github.com/ory/kratos/internal"
  "github.com/ory/kratos/selfservice/strategy/password"

From 9c889d84994854f4f5de1020e8b66088d79bc4ac Mon Sep 17 00:00:00 2001
From: zepatrik
Date: Mon, 6 Dec 2021 14:20:26 +0100
Subject: [PATCH 6/6] test: fix case

---
 selfservice/strategy/password/validator_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/selfservice/strategy/password/validator_test.go b/selfservice/strategy/password/validator_test.go
index a628591e4892..ef0921d67b25 100644
--- a/selfservice/strategy/password/validator_test.go
+++ b/selfservice/strategy/password/validator_test.go
@@ -57,7 +57,7 @@ func TestDefaultPasswordValidationStrategy(t *testing.T) {
  {id: "hello@example.com", pw: "h3ll0@example", pass: false},
  {pw: "hello@example.com", id: "hello@exam", pass: false},
  {id: "abcd", pw: "9d3c8a1b", pass: true},
- {id: "a", pw: "kjOkla", pass: true},
+ {id: "a", pw: "kjOklafe", pass: true},
  {id: "ab", pw: "0000ab0000", pass: true},
  // longest common substring with long password
  {id: "d4f6090b-5a84", pw: "d4f6090b-5a84-2184-4404-8d1b-8da3eb00ebbe", pass: true},