Pulse/frontend-modern
rcourtman cb9d8d1ab1 Fix config backup/restore by enforcing 12-char minimum password (related to #646)
Users with 8-11 character passwords could not export/restore config backups
because the export encryption requires 12+ character passphrases for security,
but the password creation UI only enforced an 8-character minimum.

This created a confusing UX where users with short passwords saw validation
errors when trying to export backups, with the only solution being to use a
custom passphrase or change their password.

Root cause:
- FirstRunSetup and ChangePasswordModal allowed 8+ char passwords
- Config export/import requires 12+ char passphrases (backend validation)
- The v4.26.4 fix added frontend validation that showed the mismatch
- Users hit client-side validation before request was sent (no backend logs)

This fix raises the minimum password length to 12 characters everywhere:
- internal/auth/password.go: MinPasswordLength 8 → 12
- FirstRunSetup.tsx: validation and placeholder updated
- ChangePasswordModal.tsx: validation, minLength, and help text updated
- QuickSecuritySetup.tsx: validation and label updated

Impact:
- New users must create 12+ character passwords
- Existing users with <12 char passwords are unaffected (can't detect from hash)
- Those users will see the existing helpful error directing them to use custom
  passphrase for backups
- "Use your login password" option now works for all future passwords

This aligns password requirements across the system and eliminates the
confusing mismatch between login credentials and backup encryption requirements.

Related to #646 where user confirmed backups still failed in v4.26.5
2025-11-07 22:51:55 +00:00
..
public Add Windows ARM64 support for host agent (related to #654) 2025-11-07 12:18:57 +00:00
src Fix config backup/restore by enforcing 12-char minimum password (related to #646) 2025-11-07 22:51:55 +00:00
.eslintignore Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
.eslintrc.cjs Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
.gitignore Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
.prettierignore Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
.prettierrc Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
index.html Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
package-lock.json Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
package.json Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
postcss.config.js Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
tailwind.config.js fix: prevent guest link icon from re-animating on WebSocket updates 2025-10-24 09:27:06 +00:00
tsconfig.json Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
tsconfig.node.json Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
vite.config.ts Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00