From e3409362f20935c49f3f23845c190029bea3bedd Mon Sep 17 00:00:00 2001 From: Louis Kirkham Date: Tue, 13 Feb 2024 11:49:59 +0000 Subject: [PATCH] Increase password minimum length to 14 characters --- app/views/shared/users/_form_password_settings.html.slim | 2 +- app/views/shared/users/_password_change.html.slim | 2 +- app/views/shared/users/_password_guidance.html.slim | 2 +- config/initializers/devise.rb | 2 +- spec/models/admin_spec.rb | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/app/views/shared/users/_form_password_settings.html.slim b/app/views/shared/users/_form_password_settings.html.slim index 1e70a8bf7..ccf1db10c 100644 --- a/app/views/shared/users/_form_password_settings.html.slim +++ b/app/views/shared/users/_form_password_settings.html.slim @@ -40,7 +40,7 @@ h2.govuk-heading-l span.govuk-warning-text__assistive Warning p.text-underline Please improve your password p#password-too-short - ' It must be at least 10 characters. + ' It must be at least 14 characters. p#parts-of-email It shouldn't include part or all of your email address. p#password-entropy ' It must be more complex. Consider using whole sentences (with spaces), lyrics or phrases to make it more memorable. Alternatively use password management software to generate a secure password. diff --git a/app/views/shared/users/_password_change.html.slim b/app/views/shared/users/_password_change.html.slim index ef3828a84..8610d67d5 100644 --- a/app/views/shared/users/_password_change.html.slim +++ b/app/views/shared/users/_password_change.html.slim @@ -3,7 +3,7 @@ .input-group = f.input :password, input_html: { class: 'medium js-disable-copy', - data: { min_password_length: "10" }, + data: { min_password_length: "14" }, autocomplete: "off", aria: { invalid: 'false' } }, label: 'New password', diff --git a/app/views/shared/users/_password_guidance.html.slim b/app/views/shared/users/_password_guidance.html.slim index df815984b..a3cdf245a 100644 
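Review bot: The new minimum is written as a literal `14` in this `p#password-too-short` message, and again in `data: { min_password_length: "14" }` in `_password_change.html.slim`, in the same message in `_password_guidance.html.slim`, and in `config.password_length` in `config/initializers/devise.rb`. Four copies have to be edited together on every policy change, and a missed one leaves the on-page hint disagreeing with what the server enforces. Reading the value from the Devise setting would keep them aligned, for example `' It must be at least #{Devise.password_length.min} characters.` in the two messages and `data: { min_password_length: Devise.password_length.min }` on the input. The enclosing markup starts and ends outside the hunk.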
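Review bot: The password input in `_password_change.html.slim` keeps `autocomplete: "off"` and the `js-disable-copy` class on the lines around the changed `min_password_length`, while the guidance partials in this same patch recommend password management software. With a 14-character minimum more users will rely on a generator, and `autocomplete: "new-password"` is the value that lets a manager recognise the field and offer one. What `js-disable-copy` does is not visible in this hunk; if it also blocks paste it would work against that guidance and is worth checking. The `f.input` call continues outside the hunk.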
--- a/app/views/shared/users/_password_guidance.html.slim +++ b/app/views/shared/users/_password_guidance.html.slim @@ -6,7 +6,7 @@ strong.govuk-warning-text__text aria-live="polite" p.text-underline Please improve your password p#password-too-short - ' It must be at least 10 characters. + ' It must be at least 14 characters. p#parts-of-email It shouldn't include part or all of your email address. p#password-entropy ' It must be more complex. Consider using whole sentences (with spaces), lyrics or phrases to make it more memorable. diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index e95271626..78d81995c 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -102,7 +102,7 @@ # ==> Configuration for :validatable # Range for password length. Default is 6..128. - config.password_length = 10..128 + config.password_length = 14..128 # Regex to use to validate the email address # config.email_regexp = /\A([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})\z/i diff --git a/spec/models/admin_spec.rb b/spec/models/admin_spec.rb index 74a424dd5..45ebbf418 100644 --- a/spec/models/admin_spec.rb +++ b/spec/models/admin_spec.rb @@ -9,8 +9,8 @@ email: "john@example.com", first_name: "John", last_name: "Smith", - password: "^#ur9EkLm@1W", - password_confirmation: "^#ur9EkLm@1W" + password: "^#ur9EkLm@1Wab", + password_confirmation: "^#ur9EkLm@1Wab" ) expect(admin.autosave_token).not_to be nil
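Review bot: The comment above `config.password_length = 14..128` in `config/initializers/devise.rb` does not say when the new minimum takes effect. Devise's `:validatable` length check runs only when a password is set or changed, so accounts that already have 10–13 character passwords keep signing in with them. Nothing in this patch forces a change, though that may be handled elsewhere. I would add `# Minimum is 14; enforced only when a password is set or changed, so shorter existing passwords stay valid until rotated.` above the setting. The enclosing configuration block starts outside the hunk.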
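Review bot: The fixture password in `spec/models/admin_spec.rb` is lengthened to exactly 14 characters, but nothing in this hunk asserts that a 13-character password is now rejected, so the policy change itself is untested. A boundary example would pin it: build the same admin with a 13-character value for `password` and `password_confirmation`, then `expect(admin).not_to be_valid` and check that `admin.errors[:password]` is populated. Choosing a 13-character value that is otherwise complex keeps the failure attributable to length rather than to the entropy rule the views mention. The enclosing example starts outside the hunk.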