From 551ffcf9ce3fd0ecdac3f41c123e94ecc20d32a9 Mon Sep 17 00:00:00 2001
From: Andrew Koroluk <koroluka@gmail.com>
Date: Thu, 8 Dec 2016 15:25:02 -0500
Subject: [PATCH] feat(server): enforce password 8-128 characters long

---
 .../app/server/api/user(auth)/user.model(mongooseModels).js   | 2 +-
 .../app/server/api/user(auth)/user.model(sequelizeModels).js  | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/templates/app/server/api/user(auth)/user.model(mongooseModels).js b/templates/app/server/api/user(auth)/user.model(mongooseModels).js
index f23208f12..17bafb912 100644
--- a/templates/app/server/api/user(auth)/user.model(mongooseModels).js
+++ b/templates/app/server/api/user(auth)/user.model(mongooseModels).js
@@ -92,7 +92,7 @@ UserSchema
     if(authTypes.indexOf(this.provider) !== -1) {
       return true;
     }<% } %>
-    return password.length;
+    return password.length >= 8 && password.length <= 128;
   }, 'Password cannot be blank');
 
 // Validate email is not taken
diff --git a/templates/app/server/api/user(auth)/user.model(sequelizeModels).js b/templates/app/server/api/user(auth)/user.model(sequelizeModels).js
index 58e8f5ae2..1d940c5e0 100644
--- a/templates/app/server/api/user(auth)/user.model(sequelizeModels).js
+++ b/templates/app/server/api/user(auth)/user.model(sequelizeModels).js
@@ -33,7 +33,9 @@ export default function(sequelize, DataTypes) {
     password: {
       type: DataTypes.STRING,
       validate: {
-        notEmpty: true
+        notEmpty: true,
+        min: 8,
+        max: 128,
       }
     },
     provider: DataTypes.STRING,