enforce a configurable minimum password length when registering

pull/1/head
ansuz 7 years ago
parent ef30b0bc42
commit bca9ba66cb

@ -49,6 +49,8 @@ define(function() {
users.
*/
config.loginSalt = '';
config.minimum_password_length = 8;
config.badStateTimeout = 30000;
config.applicationsIcon = {

@ -409,6 +409,8 @@ define(function () {
out.register_importRecent = "Import pad history (Recommended)";
out.register_acceptTerms = "I accept <a href='/terms.html' tabindex='-1'>the terms of service</a>";
out.register_passwordsDontMatch = "Passwords do not match!";
out.register_passwordTooShort = "Passwords must be at least {0} characters long.";
out.register_mustAcceptTerms = "You must accept the terms of service.";
out.register_mustRememberPass = "We cannot reset your password if you forget it. It's very important that you remember it! Please check the checkbox to confirm.";

@ -5,6 +5,13 @@ define([
var Cred = {};
var Scrypt = window.scrypt;
Cred.MINIMUM_PASSWORD_LENGTH = typeof(AppConfig.minimum_password_length) === 'number'?
AppConfig.minimum_password_length: 8;
Cred.isLongEnoughPassword = function (passwd) {
return passwd.length >= Cred.MINIMUM_PASSWORD_LENGTH;
};
var isString = Cred.isString = function (x) {
return typeof(x) === 'string';
};

@ -88,6 +88,7 @@ define([
// validate inputs
if (!Cred.isValidUsername(uname)) { return void cb('INVAL_USER'); }
if (!Cred.isValidPassword(passwd)) { return void cb('INVAL_PASS'); }
if (!Cred.isLongEnoughPassword(passwd)) { return void cb('PASS_TOO_SHORT'); }
Cred.deriveFromPassphrase(uname, passwd, 128, function (bytes) {
// results...

@ -7,7 +7,7 @@ define([
'css!/bower_components/components-font-awesome/css/font-awesome.min.css',
'less!/customize/src/less/loading.less',
], function ($, Login, Cryptpad, Test) {
], function ($, Login, Cryptpad, Test, Cred) {
var Messages = Cryptpad.Messages;
$(function () {
@ -138,7 +138,8 @@ define([
// We need a setTimeout(cb, 0) otherwise the loading screen is only displayed after hashing the password
window.setTimeout(function () {
Login.loginOrRegister(uname, passwd, true, function (err, result) {
var proxy = result.proxy;
var proxy;
if (result) { proxy = result.proxy; }
if (err) {
switch (err) {
@ -163,6 +164,16 @@ define([
});
});
break;
case 'PASS_TOO_SHORT':
Cryptpad.removeLoadingScreen(function () {
var warning = Messages._getKey('register_passwordTooShort', [
Cred.MINIMUM_PASSWORD_LENGTH
]);
Cryptpad.alert(warning, function () {
registering = false;
});
});
break;
case 'ALREADY_REGISTERED':
// logMeIn should reset registering = false
Cryptpad.removeLoadingScreen(function () {

Loading…
Cancel
Save