Only check invalid size passwords on register
parent
7e558c5b1d
commit
c912e63fb5
@ -803,17 +803,6 @@ post "/login" do |env|
|
|||||||
next templated "error"
|
next templated "error"
|
||||||
end
|
end
|
||||||
|
|
||||||
if password.empty?
|
|
||||||
error_message = "Password cannot be empty"
|
|
||||||
next templated "error"
|
|
||||||
end
|
|
||||||
|
|
||||||
# See https://security.stackexchange.com/a/39851
|
|
||||||
if password.size > 55
|
|
||||||
error_message = "Password cannot be longer than 55 characters"
|
|
||||||
next templated "error"
|
|
||||||
end
|
|
||||||
|
|
||||||
if !challenge_response || !token
|
if !challenge_response || !token
|
||||||
error_message = "CAPTCHA is a required field"
|
error_message = "CAPTCHA is a required field"
|
||||||
next templated "error"
|
next templated "error"
|
||||||
@ -856,6 +845,17 @@ post "/login" do |env|
|
|||||||
next templated "error"
|
next templated "error"
|
||||||
end
|
end
|
||||||
elsif action == "register"
|
elsif action == "register"
|
||||||
|
if password.empty?
|
||||||
|
error_message = "Password cannot be empty"
|
||||||
|
next templated "error"
|
||||||
|
end
|
||||||
|
|
||||||
|
# See https://security.stackexchange.com/a/39851
|
||||||
|
if password.size > 55
|
||||||
|
error_message = "Password cannot be longer than 55 characters"
|
||||||
|
next templated "error"
|
||||||
|
end
|
||||||
|
|
||||||
user = PG_DB.query_one?("SELECT * FROM users WHERE LOWER(email) = LOWER($1) AND password IS NOT NULL", email, as: User)
|
user = PG_DB.query_one?("SELECT * FROM users WHERE LOWER(email) = LOWER($1) AND password IS NOT NULL", email, as: User)
|
||||||
if user
|
if user
|
||||||
error_message = "Please sign in"
|
error_message = "Please sign in"
|
||||||
|
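Review bot: The length guard now placed in the `register` branch compares `password.size`, which counts characters in Crystal, whereas the bcrypt input limit discussed in the linked answer is measured in bytes. A 55-character password containing multi-byte characters can therefore still exceed that limit, so `if password.bytesize > 55` would match the intent of the comment more closely. Because the two checks were removed from the top of the handler, an empty or over-long password now reaches the login branch unvalidated. That branch lies outside the visible hunks, so it is worth confirming that the password verification there fails with the normal error page rather than raising on such input.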