FIX: change password form validation should instruct admins to use min password length for admin accounts

app/assets/javascripts/discourse/controllers/password-reset.js.es6

@@ -7,6 +7,7 @@ import { userPath } from 'discourse/lib/url';
 
 export default Ember.Controller.extend(PasswordValidation, {
   isDeveloper: Ember.computed.alias('model.is_developer'),
+  admin: Ember.computed.alias('model.admin'),
   passwordRequired: true,
   errorMessage: null,
   successMessage: null,

app/assets/javascripts/discourse/mixins/password-validation.js.es6

@@ -16,13 +16,13 @@ export default Ember.Mixin.create({
     return I18n.t('user.password.instructions', {count: this.get('passwordMinLength')});
   },
 
-  @computed('isDeveloper')
+  @computed('isDeveloper', 'admin')
-  passwordMinLength() {
+  passwordMinLength(isDeveloper, admin) {
-    return this.get('isDeveloper') ? this.siteSettings.min_admin_password_length : this.siteSettings.min_password_length;
+    return (isDeveloper || admin) ? this.siteSettings.min_admin_password_length : this.siteSettings.min_password_length;
   },
 
-  @computed('accountPassword', 'passwordRequired', 'rejectedPasswords.[]', 'accountUsername', 'accountEmail', 'isDeveloper')
+  @computed('accountPassword', 'passwordRequired', 'rejectedPasswords.[]', 'accountUsername', 'accountEmail', 'passwordMinLength')
-  passwordValidation(password, passwordRequired, rejectedPasswords, accountUsername, accountEmail, isDeveloper) {
+  passwordValidation(password, passwordRequired, rejectedPasswords, accountUsername, accountEmail, passwordMinLength) {
     if (!passwordRequired) {
       return InputValidation.create({ ok: true });
     }
@@ -40,8 +40,7 @@ export default Ember.Mixin.create({
     }
 
     // If too short
-    const passwordLength = isDeveloper ? this.siteSettings.min_admin_password_length : this.siteSettings.min_password_length;
+    if (password.length < passwordMinLength) {
-    if (password.length < passwordLength) {
       return InputValidation.create({
         failed: true,
         reason: I18n.t('user.password.too_short')

app/controllers/users_controller.rb

@@ -465,7 +465,10 @@ class UsersController < ApplicationController
         if @error
           render layout: 'no_ember'
         else
-          store_preloaded("password_reset", MultiJson.dump(is_developer: UsernameCheckerService.is_developer?(@user.email)))
+          store_preloaded(
+            "password_reset",
+            MultiJson.dump(is_developer: UsernameCheckerService.is_developer?(@user.email), admin: @user.admin?)
+          )
         end
         return redirect_to(wizard_path) if request.put? && Wizard.user_requires_completion?(@user)
       end
@@ -477,7 +480,8 @@ class UsersController < ApplicationController
               success: false,
               message: @error,
               errors: @user&.errors.to_hash,
-              is_developer: UsernameCheckerService.is_developer?(@user.email)
+              is_developer: UsernameCheckerService.is_developer?(@user.email),
+              admin: @user.admin?
             }
           else
             render json: {
@@ -488,7 +492,7 @@ class UsersController < ApplicationController
             }
           end
         else
-          render json: { is_developer: UsernameCheckerService.is_developer?(@user.email) }
+          render json: { is_developer: UsernameCheckerService.is_developer?(@user.email), admin: @user.admin? }
         end
       end
     end

spec/controllers/users_controller_spec.rb

@@ -342,7 +342,7 @@ describe UsersController do
         )
 
         expect(response).to be_success
-        expect(response.body).to include('{"is_developer":false}')
+        expect(response.body).to include('{"is_developer":false,"admin":false}')
 
         user.reload