Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-27 09:06:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: disallow registration attempts with password length > 4096

Browse Source 
This is a stopgap measure for v1.15.0
This commit is contained in:
Julian Lam
2020-11-03 09:53:49 -05:00
parent 35e725d17c
commit c0f699e655
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/controllers/authentication.js
View File

@@ -94,6 +94,10 @@ authenticationController.register = async function (req, res) {
throw new Error('[[user:change_password_error_match]]'); throw new Error('[[user:change_password_error_match]]');
} }
if (userData.password.length > 4096) {
throw new Error('[[error:password-too-long]]');
}
user.isPasswordValid(userData.password); user.isPasswordValid(userData.password);
res.locals.processLogin = true; // set it to false in plugin if you wish to just register only res.locals.processLogin = true; // set it to false in plugin if you wish to just register only