Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-01-06 15:42:52 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,400 Commits 72 Branches 488 Tags
bfd4e68bdeba339b1d60a003afab8db4c9d445b5
Commit Graph

23 Commits

Author SHA1 Message Date
Barış Soner Uşaklı
9d2af7e10c refactor: replace math.random with crypto 2024-12-09 18:18:02 -05:00
Barış Soner Uşaklı
8b25aff79a feat: add workerpool for password, closes #10326 (#12038) 2023-09-26 10:48:58 -04:00
Barış Soner Uşaklı
d27c9696e3 feat: add node 16 (#9847) 
* feat: add node 16

* fix: check errors in fork

* test: add use-spawn

* test: another test

* Revert "test: another test"

This reverts commit 606efe26fe.

* test: another test

* fix: lint

* fix: remove spawn-wrap

* test: comment out plugin installs

* fix: lint

* test: uncomment all tests except npm i

* fix: lint

* test: bring back tests

* test: remove leftover override
 2021-11-04 00:09:14 -04:00
Peter Jaszkowiak
b56d9e12b5 chore: eslint prefer-arrow-callback 2021-02-08 18:06:44 -05:00
Julian Lam
512f6de6de feat: allow passwords with length > 73 characters (#8818) 
* feat: allow passwords longer than 73 characters

Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.

https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords

* feat: add additional test for passwords > 73 chars

* fix: remove 'password-too-long' error message and all invocations

* test: added test to show that a super long password won't bring down NodeBB

* fix: remove debug log

* Revert "fix: remove 'password-too-long' error message and all invocations"

This reverts commit 1e312bf7ef.

* fix: added back password length checks, but at 512 chars

As processing a large string still uses a lot of memory
 2020-11-06 08:40:00 -05:00
Baris Usakli
dd8386d93d refactor: password async/await 2019-08-30 16:16:56 -04:00
Barış Soner Uşaklı
cd80c2638c feat: #7743 
user/password
user/picture
 2019-07-16 14:17:10 -04:00
Barış Soner Uşaklı
ff38abc225 move bcrypt into password 2018-10-31 15:10:45 -04:00
Peter Jaszkowiak
ec38b18e34 Always compare password with a hash 
Prevents quick response when user / email doesn't exist
 2017-11-01 18:57:52 -06:00
Peter Jaszkowiak
1c35213934 Fix #5970 and forking while debugging (#5965) 
* Fix forking while debugging

Debugger address in use no longer happens

* Fix cropper error
 2017-10-09 11:40:36 -04:00
Peter Jaszkowiak
e71fb9ab24 Fix node --inspect 2017-06-01 14:15:40 -06:00
Barış Soner Uşaklı
890c2eff70 style changes 2017-05-27 01:44:26 -04:00
Barış Soner Uşaklı
870bb87b08 always pass strings to bcrypt compare 2017-04-26 13:17:21 -04:00
Peter Jaszkowiak
75d291183d Fix using nodebb in other CWDs 2017-04-12 15:22:58 -06:00
Peter Jaszkowiak
896c8c7343 ESlint object-curly-spacing 2017-02-18 12:30:49 -07:00
Peter Jaszkowiak
feb8405f95 ESlint eol-last 2017-02-18 02:30:48 -07:00
Peter Jaszkowiak
604358ecc4 ESlint keyword-spacing, no-multi-spaces 2017-02-18 01:52:56 -07:00
HeeL
4a3c31b2dc Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00
HeeL
9a0d764bbd Fix wrap-iife linter rule 2016-10-13 11:40:10 +02:00
barisusakli
c8ba61ac7b closes #4791 2016-08-26 00:05:40 +03:00
barisusakli
a445e3f7b1 use send for child process 2014-11-18 22:55:44 -05:00
Julian Lam
ea2fbcfcfc closed #2242 2014-10-07 19:49:29 -04:00
barisusakli
005405b16c closes #1976 2014-08-12 21:41:23 -04:00