Only check invalid size passwords on register

Omar Roth 2018-11-04 08:30:16 -06:00
parent 7e558c5b1d
commit c912e63fb5


@ -803,17 +803,6 @@ post "/login" do |env|
next templated "error"
end
if password.empty?
error_message = "Password cannot be empty"
next templated "error"
end
# See https://security.stackexchange.com/a/39851
if password.size > 55
error_message = "Password cannot be longer than 55 characters"
next templated "error"
end
if !challenge_response || !token
error_message = "CAPTCHA is a required field"
next templated "error"
@ -856,6 +845,17 @@ post "/login" do |env|
next templated "error"
end
elsif action == "register"
if password.empty?
error_message = "Password cannot be empty"
next templated "error"
end
# See https://security.stackexchange.com/a/39851
if password.size > 55
error_message = "Password cannot be longer than 55 characters"
next templated "error"
end
user = PG_DB.query_one?("SELECT * FROM users WHERE LOWER(email) = LOWER($1) AND password IS NOT NULL", email, as: User)
if user
error_message = "Please sign in"