feat(api): enforce password validation on reset and update flows

Add bcrypt_password validation to password reset and update endpoints: - Add validation tag to PasswordReset.NewPassword struct field - Add validation tag to UserPassword.NewPassword struct field - Add c.Validate() calls in both handlers - Fix off-by-one error in bcrypt_password validator (use <= 72 not < 72) Password requirements: min 8 chars, max 72 bytes (bcrypt limit)
2026-05-02 01:46:45 +00:00 · 2026-02-25 13:34:55 +01:00
parent 39da47e435
commit 89c17d3b23
4 changed files with 13 additions and 3 deletions
--- a/pkg/user/validator.go
+++ b/pkg/user/validator.go
@@ -54,7 +54,7 @@ func init() {
 			return false
 		}

-		return len([]byte(str)) < 72
+		return len([]byte(str)) <= 72
 	}

 	govalidator.TagMap["language"] = i18n.HasLanguage