summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--synapse/api/errors.py8
-rw-r--r--synapse/handlers/password_policy.py31
2 files changed, 31 insertions, 8 deletions
diff --git a/synapse/api/errors.py b/synapse/api/errors.py

index 22e0fcfa83..e6c67acf96 100644
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@@ -361,10 +361,14 @@ class PasswordRefusedError(SynapseError):
     """A password has been refused, either during password reset/change or registration.
     """
 
-    def __init__(self, errcode=Codes.WEAK_PASSWORD):
+    def __init__(
+        self,
+        msg="This password doesn't comply with the server's policy",
+        errcode=Codes.WEAK_PASSWORD,
+    ):
         super(PasswordRefusedError, self).__init__(
             code=400,
-            msg="This password doesn't comply with the server's policy",
+            msg=msg,
             errcode=errcode,
         )
 
diff --git a/synapse/handlers/password_policy.py b/synapse/handlers/password_policy.py

index 10e6360ecb..9994b44455 100644
--- a/synapse/handlers/password_policy.py
+++ b/synapse/handlers/password_policy.py
@@ -46,29 +46,48 @@ class PasswordPolicyHandler(object):
         if not self.enabled:
             return
 
-        if len(password) < self.policy.get("minimum_length", 0):
-            raise PasswordRefusedError(Codes.PASSWORD_TOO_SHORT)
+        minimum_accepted_length = self.policy.get("minimum_length", 0)
+        if len(password) < minimum_accepted_length:
+            raise PasswordRefusedError(
+                msg=(
+                    "The password must be at least %d characters long"
+                    % minimum_accepted_length
+                ),
+                errcode=Codes.PASSWORD_TOO_SHORT,
+            )
 
         if (
             self.policy.get("require_digit", False) and
             self.regexp_digit.search(password) is None
         ):
-            raise PasswordRefusedError(Codes.PASSWORD_NO_DIGIT)
+            raise PasswordRefusedError(
+                msg="The password must include at least one digit",
+                errcode=Codes.PASSWORD_NO_DIGIT,
+            )
 
         if (
             self.policy.get("require_symbol", False) and
             self.regexp_symbol.search(password) is None
         ):
-            raise PasswordRefusedError(Codes.PASSWORD_NO_SYMBOL)
+            raise PasswordRefusedError(
+                msg="The password must include at least one symbol",
+                errcode=Codes.PASSWORD_NO_SYMBOL,
+            )
 
         if (
             self.policy.get("require_uppercase", False) and
             self.regexp_uppercase.search(password) is None
         ):
-            raise PasswordRefusedError(Codes.PASSWORD_NO_UPPERCASE)
+            raise PasswordRefusedError(
+                msg="The password must include at least one uppercase letter",
+                errcode=Codes.PASSWORD_NO_UPPERCASE,
+            )
 
         if (
             self.policy.get("require_lowercase", False) and
             self.regexp_lowercase.search(password) is None
         ):
-            raise PasswordRefusedError(Codes.PASSWORD_NO_LOWERCASE)
+            raise PasswordRefusedError(
+                msg="The password must include at least one lowercase letter",
+                errcode=Codes.PASSWORD_NO_LOWERCASE,
+            )
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-08-08 12:17:18 +0000