krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-17 14:47:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(auth): enforce max pass length at update

Browse Source
This commit is contained in:
SabreCat
2022-12-05 16:36:42 -06:00
parent 4fe8b63748
commit df25e0574d
2 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
test/api/v3/integration/user/auth/PUT-user_update_password.test.js
View File

@@ -96,6 +96,20 @@ describe('PUT /user/auth/update-password', async () => {
}); });
}); });
it('returns an error when newPassword is too long', async () => {
const body = {
password,
newPassword: '12345678910111213141516171819202122232425262728293031323334353637383940',
confirmPassword: '12345678910111213141516171819202122232425262728293031323334353637383940',
};
await expect(user.put(ENDPOINT, body)).to.eventually.be.rejected.and.eql({
code: 400,
error: 'BadRequest',
message: t('invalidReqParams'),
});
});
it('returns an error when confirmPassword is missing', async () => { it('returns an error when confirmPassword is missing', async () => {
const body = { const body = {
password, password,

7
website/server/controllers/api-v3/auth.js
View File

@@ -289,8 +289,11 @@ api.updatePassword = {
newPassword: { newPassword: {
notEmpty: { errorMessage: res.t('missingNewPassword') }, notEmpty: { errorMessage: res.t('missingNewPassword') },
isLength: { isLength: {
options: { min: common.constants.MINIMUM_PASSWORD_LENGTH }, options: {
errorMessage: res.t('minPasswordLength'), min: common.constants.MINIMUM_PASSWORD_LENGTH,
max: common.constants.MAXIMUM_PASSWORD_LENGTH,
},
errorMessage: res.t('passwordIssueLength'),
}, },
}, },
confirmPassword: { confirmPassword: {