From fa13e9acc0bf6412dd506b5bb1e0991a1bf415b2 Mon Sep 17 00:00:00 2001
From: barisusakli <barisusakli@gmail.com>
Date: Sat, 22 Apr 2017 14:38:43 -0400
Subject: [PATCH] closes #5621

---
 src/controllers/authentication.js | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index 396aafd130..76f2da243d 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -344,10 +344,15 @@ authenticationController.localLogin = function (req, username, password, next) {
 	var uid;
 	var userData = {};
 
+	if (!password || !utils.isPasswordValid(password)) {
+		return next(new Error('[[error:invalid-password]]'));
+	}
+
+	if (password.length > 4096) {
+		return next(new Error('[[error:password-too-long]]'));
+	}
+
 	async.waterfall([
-		function (next) {
-			user.isPasswordValid(password, next);
-		},
 		function (next) {
 			user.getUidByUserslug(userslug, next);
 		},