From 64883faa6ebffd1e67d36d537e1e0bf2196bf107 Mon Sep 17 00:00:00 2001
From: Nathan Bush <nathan@pfmediatech.com>
Date: Thu, 5 May 2016 10:40:49 -0400
Subject: [PATCH] Fix user creation with stronger minimum password
 requirements:q

---
 CHANGELOG          | 1 +
 app/models/user.rb | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 4e405478825..d5b5c95bf3d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -6,6 +6,7 @@ v 8.10.0 (unreleased)
   - Fix MR-auto-close text added to description. !4836
   - Fix pagination when sorting by columns with lots of ties (like priority)
   - Implement Subresource Integrity for CSS and JavaScript assets. This prevents malicious assets from loading in the case of a CDN compromise.
+  - Fix user creation with stronger minimum password requirements !4054 (nathan-pmt)
 
 v 8.9.1
   - Fix GitLab project import issues related to notes and builds
diff --git a/app/models/user.rb b/app/models/user.rb
index 876ccc69d8d..04b220ee13c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -308,7 +308,7 @@ class User < ActiveRecord::Base
 
   def generate_password
     if self.force_random_password
-      self.password = self.password_confirmation = Devise.friendly_token.first(8)
+      self.password = self.password_confirmation = Devise.friendly_token.first(Devise.password_length.min)
     end
   end