From 5a2ca0cc4ae85cc15960201c86f131cb822f714f Mon Sep 17 00:00:00 2001
From: Yassine Doghri <yassine@doghri.fr>
Date: Wed, 19 Oct 2022 11:47:26 +0000
Subject: [PATCH] fix(install): add password validation when creating super
 admin

---
 modules/Install/Controllers/InstallController.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/modules/Install/Controllers/InstallController.php b/modules/Install/Controllers/InstallController.php
index c5705c9fc3..e0d131f238 100644
--- a/modules/Install/Controllers/InstallController.php
+++ b/modules/Install/Controllers/InstallController.php
@@ -292,7 +292,18 @@ class InstallController extends Controller
      */
     public function attemptCreateSuperAdmin(): RedirectResponse
     {
+        // validate user password
+        $rules = [
+            'password' => 'required|strong_password',
+        ];
+
         $userModel = new UserModel();
+        if (! $this->validate($rules)) {
+            return redirect()
+                ->back()
+                ->withInput()
+                ->with('errors', $userModel->errors());
+        }
 
         // Save the user
         $user = new User([
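Review bot: On the failure branch the redirect carries `$userModel->errors()`, but the rules were run by the controller's `$this->validate($rules)` and the freshly constructed `UserModel` has validated nothing yet, so the installer form most likely comes back with no message explaining why the password was rejected. The line should read `->with('errors', $this->validator->getErrors())`. Separately, `->withInput()` flashes the submitted POST fields into the session, which on this path would presumably include the plaintext `password`; drop it here or confirm the password field is kept out of the stored old input. The body of `attemptCreateSuperAdmin` continues past the end of this hunk, so how the model's own validation errors are reported in the `catch` is not visible here.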
@@ -301,6 +312,7 @@ class InstallController extends Controller
             'password' => $this->request->getPost('password'),
             'is_owner' => true,
         ]);
+
         try {
             $userModel->save($user);
         } catch (ValidationException) {
-- 
GitLab