
diff --git a/account.go b/account.go
index 234e1ee..e187ab8 100644
--- a/account.go
+++ b/account.go
@@ -56,6 +56,8 @@ type (
}
)
+const maxPassByteLen = 72
+
func NewUserPage(app *App, r *http.Request, u *User, title string, flashes []string) *UserPage {
up := &UserPage{
StaticPage: pageForReq(app, r),
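Review bot: The new constant `maxPassByteLen` in account.go has no comment saying where 72 comes from or that it counts bytes rather than characters. It is also used from app.go and database.go, so the next reader will look for the rationale here. I would add something like `// maxPassByteLen is the longest password, in bytes, accepted before hashing.` and name the hashing limit it mirrors; 72 looks like bcrypt's input limit, but that should be confirmed against `auth.HashPass`, which is not visible in this diff.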
diff --git a/app.go b/app.go
index fed36fb..8e2b688 100644
--- a/app.go
+++ b/app.go
@@ -929,6 +929,10 @@ func CreateUser(apper Apper, username, password string, isAdmin bool) error {
return fmt.Errorf("Username %s is invalid, reserved, or shorter than configured minimum length (%d characters).", usernameDesc, apper.App().cfg.App.MinUsernameLen)
}
+ if len(password) > maxPassByteLen {
+ return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Password is longer than %d characters", maxPassByteLen)}
+ }
+
// Hash the password
hashedPass, err := auth.HashPass([]byte(password))
if err != nil {
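Review bot: The added length check in CreateUser reports an over-long password as `http.StatusInternalServerError`, although this is a caller input error; a 500 here misleads clients and adds noise to server-error monitoring. The message also says "characters" while `len(password)` counts bytes, so a password containing multi-byte UTF-8 is rejected below 72 characters with a misleading explanation. I would change the line to `return impart.HTTPError{http.StatusBadRequest, fmt.Sprintf("Password is longer than %d bytes", maxPassByteLen)}`. The same two points apply to the check added to ChangeSettings in database.go. CreateUser's body continues outside this hunk.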
diff --git a/database.go b/database.go
index 67e4fbb..bce04f9 100644
--- a/database.go
+++ b/database.go
@@ -2321,6 +2321,11 @@ func (db *datastore) ChangeSettings(app *App, u *User, s *userSettings) error {
return errPass
}
+ if len(s.NewPass) > maxPassByteLen {
+ errPass = impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Password is longer than %d characters", maxPassByteLen)}
+ return errPass
+ }
+
if u.HasPass {
// Check if currently-set password is correct
hashedPass := u.HashedPass
