Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-12-23 17:00:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

change isPasswordCorrect to return false if user does not have password

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2018-09-06 14:32:44 -04:00
parent 84a0a68b2b
commit 25fed0aa8d
3 changed files with 27 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
test/authentication.js
View File

@@ -303,6 +303,19 @@ describe('authentication', function () {
});
});
it('should fail to login if user does not have password field in db', function (done) {
user.create({ username: 'hasnopassword', email: 'no@pass.org' }, function (err, uid) {
assert.ifError(err);
loginUser('hasnopassword', 'doesntmatter', function (err, response, body) {
assert.ifError(err);
console.log(response.statusCode, body);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-login-credentials]]');
done();
});
});
});
it('should fail to login if password is longer than 4096', function (done) {
var longPassword;
for (var i = 0; i < 5000; i++) {