23 Commits

Author SHA1 Message Date
Julian Lam
287f4c2c41 fix: do not throw if password passed into isPasswordCorrect is invalid, just return false 2022-08-05 14:39:36 -04:00
Peter Jaszkowiak
dab3b23575 chore: eslint no-var, vars-on-top 2021-02-08 18:06:44 -05:00
Peter Jaszkowiak
707b55b6a5 chore: eslint prefer-template 2021-02-08 18:06:44 -05:00
Barış Soner Uşaklı
dadb2527da fix: #8974, with password login for approval queue 2020-11-27 11:34:14 -05:00
Julian Lam
512f6de6de feat: allow passwords with length > 73 characters (#8818)
* feat: allow passwords longer than 73 characters

Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.

https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords

* feat: add additional test for passwords > 73 chars

* fix: remove 'password-too-long' error message and all invocations

* test: added test to show that a super long password won't bring down NodeBB

* fix: remove debug log

* Revert "fix: remove 'password-too-long' error message and all invocations"

This reverts commit 1e312bf7ef.

* fix: added back password length checks, but at 512 chars

As processing a large string still uses a lot of memory
2020-11-06 08:40:00 -05:00
Barış Soner Uşaklı
4818ec377e fix: missing await 2020-11-02 15:13:22 -05:00
Barış Soner Uşaklı
f6d7a24a67 fix: don't check password strength on login 2019-12-24 09:07:17 -05:00
Barış Soner Uşaklı
22f8011686 refactor: remove async from isPasswordValid, function is sync 2019-09-11 00:28:42 -04:00
Barış Soner Uşaklı
cd80c2638c feat: #7743
user/password
user/picture
2019-07-16 14:17:10 -04:00
Barış Soner Uşaklı
25fed0aa8d change isPasswordCorrect to return false if user does not have password 2018-09-06 14:32:44 -04:00
Julian Lam
3c6c0ed7a1 restoring passwordExpiry for use in continueLogin, fixed tests, hopefully 2018-07-27 12:34:51 -04:00
Julian Lam
b6a5419ca1 closes #6674 2018-07-27 11:54:32 -04:00
Julian Lam
7558046e75 add brute-force protection for change password and email actions 2018-07-11 16:28:40 -04:00
Julian Lam
9641ada53c fixes #6415 2018-04-02 12:28:20 -04:00
Barış Soner Uşaklı
f6ac92111b style changes 2017-05-26 00:02:20 -04:00
Peter Jaszkowiak
3b0dd2d1ef ESlint padded-blocks 2017-02-18 02:32:24 -07:00
Peter Jaszkowiak
feb8405f95 ESlint eol-last 2017-02-18 02:30:48 -07:00
Peter Jaszkowiak
bc1d70c126 ESlint comma-dangle 2017-02-17 19:31:21 -07:00
HeeL
4a3c31b2dc Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00
psychobunny
b8eb19b991 closes #3993 2016-02-23 13:57:00 -05:00
barisusakli
005db18120 closes #4041 2016-01-10 10:26:47 +02:00
barisusakli
28ae101d90 allow changing username if user has no password set, ie sso login 2015-10-22 17:37:24 -04:00
barisusakli
7854e67b7b closes #1637 2015-10-09 17:52:55 -04:00