From c0d4875422a54e5fbd1a522b724e381a2af236a0 Mon Sep 17 00:00:00 2001
From: nathan <nathangray.bsc+github@gmail.com>
Date: Tue, 6 Dec 2022 14:32:14 -0700
Subject: [PATCH] Force / respect password requirements set in site
 configuration when suggesting passwords

---
 api/src/Etemplate/Widget/Password.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/src/Etemplate/Widget/Password.php b/api/src/Etemplate/Widget/Password.php
index b0797d787e..365c76396c 100644
--- a/api/src/Etemplate/Widget/Password.php
+++ b/api/src/Etemplate/Widget/Password.php
@@ -125,7 +125,9 @@ class Password extends Etemplate\Widget\Textbox
 	 */
 	public static function ajax_suggest($size = 12)
 	{
-		$password = Auth::randomstring($size, false);
+		$config = Api\Config::read('phpgwapi');
+		$size = max(min((int)$size, (int)$config['force_pwd_length']), 6);
+		$password = Auth::randomstring($size, $config['force_pwd_strength'] == 4);
 
 		$response = \EGroupware\Api\Json\Response::get();
 		$response->data($password);