2 files changed, 16 insertions, 1 deletions

diff --git a/assets/locales/ur/auth.json b/assets/locales/ur/auth.json

index e19547a0..1dac2474 100644
--- a/assets/locales/ur/auth.json
+++ b/assets/locales/ur/auth.json
@@ -10,7 +10,8 @@
 		"EMAIL_INVALID": "Invalid Email",
 		"EMAIL_ALREADY_REGISTERED": "Email is already registered",
 		"DATE_OF_BIRTH_UNDERAGE": "You need to be {{years}} years or older",
-		"CONSENT_REQUIRED": "You must agree to the Terms of Service and Privacy Policy.",
+                "PASSWORD_REQUIREMENTS_MIN_LENGTH": "Must be at least {{min}} characters long.",
+                "CONSENT_REQUIRED": "You must agree to the Terms of Service and Privacy Policy.",
 		"USERNAME_TOO_MANY_USERS": "Too many users have this username, please try another"
 	}
 }
diff --git a/src/api/routes/auth/register.ts b/src/api/routes/auth/register.ts

index 321b4a65..14dc319a 100644
--- a/src/api/routes/auth/register.ts
+++ b/src/api/routes/auth/register.ts
@@ -225,6 +225,20 @@ router.post(
 		}
 
 		if (body.password) {
+			const min = register.password.minLength
+				? register.password.minLength
+				: 8;
+			if (body.password.length < min) {
+				throw FieldErrors({
+					password: {
+						code: "PASSWORD_REQUIREMENTS_MIN_LENGTH",
+						message: req.t(
+							"auth:register.PASSWORD_REQUIREMENTS_MIN_LENGTH",
+							{ min: min },
+						),
+					},
+				});
+			}
 			// the salt is saved in the password refer to bcrypt docs
 			body.password = await bcrypt.hash(body.password, 12);
 		} else if (register.password.required) {