update SHARE_LINK_PASSWORD_MIN_LENGTH

1. add SHARE_LINK_PASSWORD_MIN_LENGTH to web setting page
2. update SHARE_LINK_PASSWORD_MIN_LENGTH check

seahub/api2/views.py

@@ -2117,6 +2117,9 @@ class FileSharedLinkView(APIView):
         password = request.DATA.get('password', None)
         share_type = request.DATA.get('share_type', 'download')
 
+        if password and len(password) < config.SHARE_LINK_PASSWORD_MIN_LENGTH:
+            return api_error(status.HTTP_400_BAD_REQUEST, 'Password is too short')
+
         if share_type.lower() == 'download':
 
             if check_file_permission(request, repo_id, path) is None:
@@ -2151,7 +2154,6 @@ class FileSharedLinkView(APIView):
 
             if is_dir:
                 # generate dir download link
-
                 fs = FileShare.objects.get_dir_link_by_path(username, repo_id, path)
                 if fs is None:
                     fs = FileShare.objects.create_dir_link(username, repo_id, path,
@@ -2162,7 +2164,6 @@ class FileSharedLinkView(APIView):
 
             else:
                 # generate file download link
-
                 fs = FileShare.objects.get_file_link_by_path(username, repo_id, path)
                 if fs is None:
                     fs = FileShare.objects.create_file_link(username, repo_id, path,

seahub/base/context_processors.py

@@ -13,7 +13,7 @@ from constance import config
 
 from seahub.settings import SEAFILE_VERSION, SITE_TITLE, SITE_NAME, \
     MAX_FILE_NAME, BRANDING_CSS, LOGO_PATH, LOGO_WIDTH, LOGO_HEIGHT,\
-    SHOW_REPO_DOWNLOAD_BUTTON, SHARE_LINK_PASSWORD_MIN_LENGTH
+    SHOW_REPO_DOWNLOAD_BUTTON
 
 try:
     from seahub.settings import SEACLOUD_MODE
@@ -78,7 +78,7 @@ def base(request):
         'has_file_search': HAS_FILE_SEARCH,
         'enable_pubfile': ENABLE_PUBFILE,
         'show_repo_download_button': SHOW_REPO_DOWNLOAD_BUTTON,
-        'share_link_password_min_length': SHARE_LINK_PASSWORD_MIN_LENGTH,
+        'share_link_password_min_length': config.SHARE_LINK_PASSWORD_MIN_LENGTH,
         'repo_password_min_length': config.REPO_PASSWORD_MIN_LENGTH,
         'events_enabled': EVENTS_ENABLED,
         'traffic_stats_enabled': TRAFFIC_STATS_ENABLED,

seahub/settings.py

@@ -627,4 +627,6 @@ CONSTANCE_CONFIG = {
     'USER_STRONG_PASSWORD_REQUIRED': (USER_STRONG_PASSWORD_REQUIRED,''),
     'USER_PASSWORD_MIN_LENGTH': (USER_PASSWORD_MIN_LENGTH,''),
     'USER_PASSWORD_STRENGTH_LEVEL': (USER_PASSWORD_STRENGTH_LEVEL,''),
+
+    'SHARE_LINK_PASSWORD_MIN_LENGTH': (SHARE_LINK_PASSWORD_MIN_LENGTH,''),
 }

seahub/share/views.py

@@ -3,6 +3,7 @@ import os
 import logging
 import json
 from dateutil.relativedelta import relativedelta
+from constance import config
 
 from django.core.urlresolvers import reverse
 from django.db import IntegrityError
@@ -1364,6 +1365,11 @@ def ajax_get_upload_link(request):
             data = json.dumps({'error': err})
             return HttpResponse(data, status=400, content_type=content_type)
 
+        if passwd and len(passwd) < config.SHARE_LINK_PASSWORD_MIN_LENGTH:
+            err = _('Password is too short')
+            data = json.dumps({'error': err})
+            return HttpResponse(data, status=400, content_type=content_type)
+
         if path[-1] != '/': # append '/' at end of path
             path += '/'
 
@@ -1433,6 +1439,16 @@ def ajax_get_download_link(request):
         use_passwd = True if int(request.POST.get('use_passwd', '0')) == 1 else False
         passwd = request.POST.get('passwd') if use_passwd else None
 
+        if not (repo_id and path):
+            err = _('Invalid arguments')
+            data = json.dumps({'error': err})
+            return HttpResponse(data, status=400, content_type=content_type)
+
+        if passwd and len(passwd) < config.SHARE_LINK_PASSWORD_MIN_LENGTH:
+            err = _('Password is too short')
+            data = json.dumps({'error': err})
+            return HttpResponse(data, status=400, content_type=content_type)
+
         try:
             expire_days = int(request.POST.get('expire_days', 0))
         except ValueError:
@@ -1442,11 +1458,6 @@ def ajax_get_download_link(request):
         else:
             expire_date = timezone.now() + relativedelta(days=expire_days)
 
-        if not (repo_id and path):
-            err = _('Invalid arguments')
-            data = json.dumps({'error': err})
-            return HttpResponse(data, status=400, content_type=content_type)
-
         username = request.user.username
         if share_type == 'f':
             fs = FileShare.objects.get_file_link_by_path(username, repo_id, path)

seahub/templates/sysadmin/settings.html

@@ -74,6 +74,11 @@
     {% endwith %}
     </div>
 
+    <div>
+    {% with type="input" setting_display_name="download/upload link password minimum length" help_tip="The least number of characters a download/upload link password should include." setting_name="SHARE_LINK_PASSWORD_MIN_LENGTH" setting_val=config_dict.SHARE_LINK_PASSWORD_MIN_LENGTH %} {% include "snippets/web_settings_form.html" %}
+    {% endwith %}
+    </div>
+
     <h4>Sync</h4>
 
     <div>

seahub/views/sysadmin.py

@@ -1669,7 +1669,7 @@ def sys_settings(request):
         'LOGIN_REMEMBER_DAYS', 'REPO_PASSWORD_MIN_LENGTH',
         'ENABLE_REPO_HISTORY_SETTING', 'USER_STRONG_PASSWORD_REQUIRED',
         'ENABLE_ENCRYPTED_LIBRARY', 'USER_PASSWORD_MIN_LENGTH',
-        'USER_PASSWORD_STRENGTH_LEVEL',)
+        'USER_PASSWORD_STRENGTH_LEVEL', 'SHARE_LINK_PASSWORD_MIN_LENGTH')
 
     STRING_WEB_SETTINGS = ('SERVICE_URL', 'FILE_SERVER_ROOT',)