Enforce maximum password length (#14290)

* fix(auth): enforce maximum password length * fix(auth): line length and better error message * fix(auth): correctly import/export constant Co-authored-by: SabreCat <sabe@habitica.com>
2025-12-16 22:27:26 +01:00 · 2022-11-18 16:49:10 -06:00
parent 6b27e18699
commit 82c5e40b92
5 changed files with 27 additions and 2 deletions
--- a/test/api/v3/integration/user/auth/POST-register_local.test.js
+++ b/test/api/v3/integration/user/auth/POST-register_local.test.js
@@ -344,6 +344,24 @@ describe('POST /user/auth/local/register', () => {
      });
    });

+    it('enforces maximum length for the password', async () => {
+      const username = generateRandomUserName();
+      const email = `${username}@example.com`;
+      const password = '12345678910111213141516171819202122232425262728293031323334353637383940';
+      const confirmPassword = '12345678910111213141516171819202122232425262728293031323334353637383940';
+
+      await expect(api.post('/user/auth/local/register', {
+        username,
+        email,
+        password,
+        confirmPassword,
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('invalidReqParams'),
+      });
+    });
+
    it('requires a username', async () => {
      const email = `${generateRandomUserName()}@example.com`;
      const password = 'password';