mirror of
https://github.com/NodeBB/NodeBB.git
synced 2026-07-09 11:11:34 +02:00
Various password logic fixes on client and server-side
Fixes #6399 Fixes #6400
This commit is contained in:
@@ -8,6 +8,8 @@ var plugins = require('../plugins');
|
||||
var groups = require('../groups');
|
||||
var meta = require('../meta');
|
||||
|
||||
var zxcvbn = require('zxcvbn');
|
||||
|
||||
module.exports = function (User) {
|
||||
User.create = function (data, callback) {
|
||||
data.username = data.username.trim();
|
||||
@@ -179,18 +181,24 @@ module.exports = function (User) {
|
||||
};
|
||||
|
||||
User.isPasswordValid = function (password, callback) {
|
||||
// Sanity checks: Checks if defined and is string
|
||||
if (!password || !utils.isPasswordValid(password)) {
|
||||
return callback(new Error('[[error:invalid-password]]'));
|
||||
}
|
||||
|
||||
if (password.length < meta.config.minimumPasswordLength) {
|
||||
return callback(new Error('[[user:change_password_error_length]]'));
|
||||
return callback(new Error('[[reset_password:password_too_short]]'));
|
||||
}
|
||||
|
||||
if (password.length > 4096) {
|
||||
if (password.length > 512) {
|
||||
return callback(new Error('[[error:password-too-long]]'));
|
||||
}
|
||||
|
||||
var strength = zxcvbn(password);
|
||||
if (strength.score < meta.config.minimumPasswordStrength) {
|
||||
return callback(new Error('[[user:weak_password]]'));
|
||||
}
|
||||
|
||||
callback();
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user