Adding a password length check to other API actions. (#1474)

* Adding a password length check to other API actions.

- Fixes #1473

* Fixing comment.
This commit is contained in:
Dessalines 2021-03-02 10:36:10 -05:00 committed by GitHub
parent e78ba38e94
commit 134fece36d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 4 deletions

View file

@ -465,6 +465,15 @@ pub(crate) fn espeak_wav_base64(text: &str) -> Result<String, LemmyError> {
Ok(base64)
}
/// Checks the password length
pub(crate) fn password_length_check(pass: &str) -> Result<(), LemmyError> {
if pass.len() > 60 {
Err(ApiError::err("invalid_password").into())
} else {
Ok(())
}
}
#[cfg(test)]
mod tests {
use crate::captcha_espeak_wav_base64;

View file

@ -4,6 +4,7 @@ use crate::{
get_user_from_jwt,
get_user_from_jwt_opt,
is_admin,
password_length_check,
Perform,
};
use actix_web::web::Data;
@ -144,10 +145,7 @@ impl Perform for Register {
}
}
// Password length check
if data.password.len() > 60 {
return Err(ApiError::err("invalid_password").into());
}
password_length_check(&data.password)?;
// Make sure passwords match
if data.password != data.password_verify {
@ -390,6 +388,8 @@ impl Perform for SaveUserSettings {
Some(new_password) => {
match &data.new_password_verify {
Some(new_password_verify) => {
password_length_check(&new_password)?;
// Make sure passwords match
if new_password != new_password_verify {
return Err(ApiError::err("passwords_dont_match").into());
@ -989,6 +989,8 @@ impl Perform for PasswordChange {
})
.await??;
password_length_check(&data.password)?;
// Make sure passwords match
if data.password != data.password_verify {
return Err(ApiError::err("passwords_dont_match").into());