Adding a password length check to other API actions. (#1474)

* Adding a password length check to other API actions.

- Fixes #1473

* Fixing comment.
This commit is contained in:
Dessalines 2021-03-02 10:36:10 -05:00 committed by GitHub
parent e78ba38e94
commit 134fece36d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 4 deletions

View file

@ -465,6 +465,15 @@ pub(crate) fn espeak_wav_base64(text: &str) -> Result<String, LemmyError> {
Ok(base64) Ok(base64)
} }
/// Checks the password length
pub(crate) fn password_length_check(pass: &str) -> Result<(), LemmyError> {
if pass.len() > 60 {
Err(ApiError::err("invalid_password").into())
} else {
Ok(())
}
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::captcha_espeak_wav_base64; use crate::captcha_espeak_wav_base64;

View file

@ -4,6 +4,7 @@ use crate::{
get_user_from_jwt, get_user_from_jwt,
get_user_from_jwt_opt, get_user_from_jwt_opt,
is_admin, is_admin,
password_length_check,
Perform, Perform,
}; };
use actix_web::web::Data; use actix_web::web::Data;
@ -144,10 +145,7 @@ impl Perform for Register {
} }
} }
// Password length check password_length_check(&data.password)?;
if data.password.len() > 60 {
return Err(ApiError::err("invalid_password").into());
}
// Make sure passwords match // Make sure passwords match
if data.password != data.password_verify { if data.password != data.password_verify {
@ -390,6 +388,8 @@ impl Perform for SaveUserSettings {
Some(new_password) => { Some(new_password) => {
match &data.new_password_verify { match &data.new_password_verify {
Some(new_password_verify) => { Some(new_password_verify) => {
password_length_check(&new_password)?;
// Make sure passwords match // Make sure passwords match
if new_password != new_password_verify { if new_password != new_password_verify {
return Err(ApiError::err("passwords_dont_match").into()); return Err(ApiError::err("passwords_dont_match").into());
@ -989,6 +989,8 @@ impl Perform for PasswordChange {
}) })
.await??; .await??;
password_length_check(&data.password)?;
// Make sure passwords match // Make sure passwords match
if data.password != data.password_verify { if data.password != data.password_verify {
return Err(ApiError::err("passwords_dont_match").into()); return Err(ApiError::err("passwords_dont_match").into());