From aaa47d5c3d9426c45dfdbc19de8377a219b77546 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nahuel=20Defoss=C3=A9?=
Date: Fri, 7 Sep 2018 18:21:52 -0300
Subject: [PATCH] Expected bcrypt hash
---
 django/apps/openmanage/views.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/django/apps/openmanage/views.py b/django/apps/openmanage/views.py
index 314f92e..48ecfa0 100644
--- a/django/apps/openmanage/views.py
+++ b/django/apps/openmanage/views.py
@@ -28,6 +28,8 @@ CHALLENGE_EXPIRATION_TIME = 60
 KEYLEN = nacl.secret.SecretBox.KEY_SIZE
 ITERATIONS = 100 # from py-bcrypt readme, maybe need to tweak this
+BCRYPT_HASH_LENGTH = 60
+
 def setup_logging():
 handler = logging.StreamHandler()
@@ -253,10 +255,8 @@ def password(request):
 except KeyError:
 log.error("Got bad request. Missing arguments.")
 return HttpResponse()
- if len(new_password) < minimum_password_length:
- message = 'Password too short. It should be at least {} characters long'.format(
- minimum_password_length
- )
+ if len(new_password) != BCRYPT_HASH_LENGTH:
+ message = 'Expected bcrypt hash'
 log.warning(message)
 return HttpResponseBadRequest(
 content=message,
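Review bot: The new guard `if len(new_password) != BCRYPT_HASH_LENGTH:` in password() checks length only, so any 60-character value, including a plaintext password or a malformed string, is accepted as a bcrypt hash. Matching the modular-crypt layout would make the check mean what the message says, e.g. `BCRYPT_RE = re.compile(r'^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$')` next to the constant and `if not BCRYPT_RE.match(new_password):` here (with `re` imported if the file does not already do so), ideally also rejecting a cost below an agreed floor. Removing the `minimum_password_length` test means the server no longer enforces any password policy itself; if that is intended because hashing moved to the client, a comment saying so belongs above the check, and the submitted hash presumably becomes password-equivalent, which should be confirmed against the login path. password() begins before and continues after this hunk, so how `new_password` is stored is not visible here.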