Various password logic fixes on client and server-side

Fixes #6399
Fixes #6400
This commit is contained in:
Julian Lam
2018-03-26 12:55:15 -04:00
parent 5c8bf3ce95
commit 0158b1aa91
6 changed files with 18 additions and 7 deletions

View File

@@ -8,6 +8,8 @@ var plugins = require('../plugins');
var groups = require('../groups');
var meta = require('../meta');
var zxcvbn = require('zxcvbn');
module.exports = function (User) {
User.create = function (data, callback) {
data.username = data.username.trim();
@@ -179,18 +181,24 @@ module.exports = function (User) {
};
User.isPasswordValid = function (password, callback) {
// Sanity checks: Checks if defined and is string
if (!password || !utils.isPasswordValid(password)) {
return callback(new Error('[[error:invalid-password]]'));
}
if (password.length < meta.config.minimumPasswordLength) {
return callback(new Error('[[user:change_password_error_length]]'));
return callback(new Error('[[reset_password:password_too_short]]'));
}
if (password.length > 4096) {
if (password.length > 512) {
return callback(new Error('[[error:password-too-long]]'));
}
var strength = zxcvbn(password);
if (strength.score < meta.config.minimumPasswordStrength) {
return callback(new Error('[[user:weak_password]]'));
}
callback();
};