From bca9ba66cb180c58b3bc9c0765c83ecf2f207e4f Mon Sep 17 00:00:00 2001
From: ansuz
Date: Thu, 7 Sep 2017 17:43:58 +0200
Subject: [PATCH] enforce a configurable minimum password length when registering
---
 customize.dist/application_config.js | 2 ++
 customize.dist/translations/messages.js | 2 ++
 www/common/credential.js | 7 +++++++
 www/common/login.js | 1 +
 www/register/main.js | 15 +++++++++++++--
 5 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/customize.dist/application_config.js b/customize.dist/application_config.js
index 77962d8c4..e2ea77a02 100644
--- a/customize.dist/application_config.js
+++ b/customize.dist/application_config.js
@@ -49,6 +49,8 @@ define(function() { users. */ config.loginSalt = ''; + config.minimum_password_length = 8; + config.badStateTimeout = 30000; config.applicationsIcon = {
diff --git a/customize.dist/translations/messages.js b/customize.dist/translations/messages.js
index cdc13df2b..b72d58ce0 100644
--- a/customize.dist/translations/messages.js
+++ b/customize.dist/translations/messages.js
@@ -409,6 +409,8 @@ define(function () { out.register_importRecent = "Import pad history (Recommended)"; out.register_acceptTerms = "I accept the terms of service"; out.register_passwordsDontMatch = "Passwords do not match!"; + out.register_passwordTooShort = "Passwords must be at least {0} characters long."; + out.register_mustAcceptTerms = "You must accept the terms of service."; out.register_mustRememberPass = "We cannot reset your password if you forget it. It's very important that you remember it! Please check the checkbox to confirm.";
diff --git a/www/common/credential.js b/www/common/credential.js
index 432cc0511..ffab595c1 100644
--- a/www/common/credential.js
+++ b/www/common/credential.js
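Review bot: In customize.dist/application_config.js the new `config.minimum_password_length = 8;` is added without a comment, although the option just above it (`config.loginSalt`) is introduced by an explanatory comment block. I would add a line such as `/* Minimum number of characters a password must have when registering. */` and state there which values are valid, since www/common/credential.js silently falls back to 8 when the setting is not a number. The key is also snake_case where its neighbours (`loginSalt`, `badStateTimeout`, `applicationsIcon`) are camelCase.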
@@ -5,6 +5,13 @@ define([ var Cred = {}; var Scrypt = window.scrypt; + Cred.MINIMUM_PASSWORD_LENGTH = typeof(AppConfig.minimum_password_length) === 'number'? + AppConfig.minimum_password_length: 8; + + Cred.isLongEnoughPassword = function (passwd) { + return passwd.length >= Cred.MINIMUM_PASSWORD_LENGTH; + }; + var isString = Cred.isString = function (x) { return typeof(x) === 'string'; };
diff --git a/www/common/login.js b/www/common/login.js
index fdb58c1d5..ceda207c6 100644
--- a/www/common/login.js
+++ b/www/common/login.js
@@ -88,6 +88,7 @@ define([ // validate inputs if (!Cred.isValidUsername(uname)) { return void cb('INVAL_USER'); } if (!Cred.isValidPassword(passwd)) { return void cb('INVAL_PASS'); } + if (!Cred.isLongEnoughPassword(passwd)) { return void cb('PASS_TOO_SHORT'); } Cred.deriveFromPassphrase(uname, passwd, 128, function (bytes) { // results...
diff --git a/www/register/main.js b/www/register/main.js
index ce7c53242..86d0d9b14 100644
--- a/www/register/main.js
+++ b/www/register/main.js
@@ -7,7 +7,7 @@ define([ 'css!/bower_components/components-font-awesome/css/font-awesome.min.css', 'less!/customize/src/less/loading.less', -], function ($, Login, Cryptpad, Test) { +], function ($, Login, Cryptpad, Test, Cred) { var Messages = Cryptpad.Messages; $(function () {
@@ -138,7 +138,8 @@ define([ // We need a setTimeout(cb, 0) otherwise the loading screen is only displayed after hashing the password window.setTimeout(function () { Login.loginOrRegister(uname, passwd, true, function (err, result) { - var proxy = result.proxy; + var proxy; + if (result) { proxy = result.proxy; }  if (err) { switch (err) {
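Review bot: In www/common/credential.js the `typeof(...) === 'number'` test also accepts `NaN`, `Infinity`, `0`, negative and fractional values. A configuration slip therefore either switches the minimum off (`0` or a negative number) or makes `passwd.length >= Cred.MINIMUM_PASSWORD_LENGTH` false for every password (`NaN`, `Infinity`), which blocks registration. Accepting only a positive finite integer keeps the default of 8 in force in those cases: `var min = AppConfig.minimum_password_length;` followed by `Cred.MINIMUM_PASSWORD_LENGTH = (typeof(min) === 'number' && isFinite(min) && min >= 1 && Math.floor(min) === min) ? min : 8;`. `isLongEnoughPassword` also reads `passwd.length` without a type check, so a one-line comment that callers must run `Cred.isValidPassword` first (as login.js does) would help; the `define` dependency list that supplies `AppConfig` is outside the hunk.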
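Review bot: In www/common/login.js the new length check sits in the shared `// validate inputs` block and is not conditioned on registration, although the commit title scopes the rule to registering. www/register/main.js passes `true` as the third argument to `Login.loginOrRegister`, which suggests the same function also serves plain login. If so, an existing account whose password is shorter than the configured minimum could no longer log in, and the login page would receive a `PASS_TOO_SHORT` code that this patch handles only on the register page. Gating the check on that flag, `if (<register flag> && !Cred.isLongEnoughPassword(passwd)) { return void cb('PASS_TOO_SHORT'); }`, keeps existing credentials usable. The function's signature is outside the hunk, so the flag name here is a placeholder.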
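Review bot: In www/register/main.js, `Cred` is added as the fifth callback parameter, but no hunk in this patch touches the dependency array, and RequireJS binds callback arguments to that array by position. Please confirm that the fifth entry of the array (above the hunk, not visible here) is the credential module. Otherwise `Cred.MINIMUM_PASSWORD_LENGTH` in the `PASS_TOO_SHORT` branch would be read from an unrelated module, and the warning would show `undefined` instead of the limit.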
@@ -163,6 +164,16 @@ define([ }); }); break; + case 'PASS_TOO_SHORT': + Cryptpad.removeLoadingScreen(function () { + var warning = Messages._getKey('register_passwordTooShort', [ + Cred.MINIMUM_PASSWORD_LENGTH + ]); + Cryptpad.alert(warning, function () { + registering = false; + }); + }); + break; case 'ALREADY_REGISTERED': // logMeIn should reset registering = false Cryptpad.removeLoadingScreen(function () {
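Review bot: The `PASS_TOO_SHORT` branch only runs after the loading screen has been shown and `Login.loginOrRegister` has called back, so a too-short password is rejected late and the screen has to be torn down again. Since `Cred` is now available in this file, the length could be tested before the `window.setTimeout` call with `if (!Cred.isLongEnoughPassword(passwd)) { return void Cryptpad.alert(Messages._getKey('register_passwordTooShort', [Cred.MINIMUM_PASSWORD_LENGTH])); }`, assuming the page's other pre-submit checks live there. This `case` should stay as the fallback; the enclosing `switch` starts and ends outside the hunk.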