From: Dessalines Date: Tue, 2 Mar 2021 15:36:10 +0000 (-0500) Subject: Adding a password length check to other API actions. (#1474) X-Git-Url: http://these/git/%24%7BgetStaticDir%28%29%7D/styles/static/%7BpictshareAvatarThumbnail%28?a=commitdiff_plain;h=134fece36da646cc34aa83865fe462e8a39ae6bc;p=lemmy.git Adding a password length check to other API actions. (#1474) * Adding a password length check to other API actions. - Fixes #1473 * Fixing comment. --- diff --git a/crates/api/src/lib.rs b/crates/api/src/lib.rs index 54d11c1e..d87375ca 100644 --- a/crates/api/src/lib.rs +++ b/crates/api/src/lib.rs @@ -465,6 +465,15 @@ pub(crate) fn espeak_wav_base64(text: &str) -> Result { Ok(base64) } +/// Checks the password length +pub(crate) fn password_length_check(pass: &str) -> Result<(), LemmyError> { + if pass.len() > 60 { + Err(ApiError::err("invalid_password").into()) + } else { + Ok(()) + } +} + #[cfg(test)] mod tests { use crate::captcha_espeak_wav_base64; diff --git a/crates/api/src/user.rs b/crates/api/src/user.rs index 903c00e7..93ffdfff 100644 --- a/crates/api/src/user.rs +++ b/crates/api/src/user.rs @@ -4,6 +4,7 @@ use crate::{ get_user_from_jwt, get_user_from_jwt_opt, is_admin, + password_length_check, Perform, }; use actix_web::web::Data; @@ -144,10 +145,7 @@ impl Perform for Register { } } - // Password length check - if data.password.len() > 60 { - return Err(ApiError::err("invalid_password").into()); - } + password_length_check(&data.password)?; // Make sure passwords match if data.password != data.password_verify { @@ -390,6 +388,8 @@ impl Perform for SaveUserSettings { Some(new_password) => { match &data.new_password_verify { Some(new_password_verify) => { + password_length_check(&new_password)?; + // Make sure passwords match if new_password != new_password_verify { return Err(ApiError::err("passwords_dont_match").into()); @@ -989,6 +989,8 @@ impl Perform for PasswordChange { }) .await??; + password_length_check(&data.password)?; + // Make sure passwords match if data.password != data.password_verify { return Err(ApiError::err("passwords_dont_match").into());