Fixed server-side password checking
parent
8effc47206
commit
76e2d31c46
|
@ -292,29 +292,39 @@ router.route('/password/:token')
|
|||
|
||||
// Set new password
|
||||
.post((req, res, next) => {
|
||||
// Validate password
|
||||
debug('/settings/password/:token .post() called')
|
||||
|
||||
// Validate password strength
|
||||
let zxcvbnResult = zxcvbn(req.body.password)
|
||||
if (zxcvbnResult.crack_times_seconds.online_no_throttling_10_per_second < 864000) { // Less than ten days
|
||||
mw.throwErr(new Error(`That password could be cracked in ${zxcvbnResult.crack_times_display.online_no_throttling_10_per_second}! Come up with a more complex password that would take at least 10 days to crack. `))
|
||||
req.flash( 'danger',
|
||||
`That password could be cracked in ${zxcvbnResult.crack_times_display.online_no_throttling_10_per_second}! Come up with a more complex password that would take at least 10 days to crack. `
|
||||
)
|
||||
res.redirect(`/settings/password/${req.params.token}`)
|
||||
} else {
|
||||
|
||||
// Create hashed password and save to db
|
||||
res.locals.passwordUser.generateHashedPassword(req.body.password, (err) => {
|
||||
if (err) {
|
||||
debug('Error creating hashed password and saving to db')
|
||||
mw.throwErr(err, req)
|
||||
res.redirect(`/password/${req.params.token}`)
|
||||
res.redirect(`/settings/password/${req.params.token}`)
|
||||
|
||||
// User changed password
|
||||
} else if (req.user) {
|
||||
debug('User saved password')
|
||||
req.flash('success', 'Your password has been changed. ')
|
||||
res.redirect('/settings')
|
||||
|
||||
// New user created password
|
||||
} else {
|
||||
debug('New user created password')
|
||||
req.flash('success', 'Password set. You can use it to log in now. ')
|
||||
res.redirect('/login?next=/map?new=1')
|
||||
}
|
||||
|
||||
})
|
||||
|
||||
}
|
||||
})
|
||||
|
||||
|
|
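Review bot: `zxcvbn(req.body.password)` is called before anything checks that the field is present, is a string, and has a bounded length. A missing or non-string value (for example an array produced by the body parser) would probably throw inside zxcvbn instead of taking the new flash-and-redirect path, and zxcvbn's work grows with input length, so a very long value can hold up the event loop on this route. I would add a guard ahead of the strength check, `if (typeof req.body.password !== 'string' || req.body.password.length > MAX_PASSWORD_LENGTH) {`, that flashes a 'danger' message, redirects to `/settings/password/${req.params.token}` and returns; `MAX_PASSWORD_LENGTH` is a placeholder for a limit the project chooses. The same cap also bounds what reaches `generateHashedPassword`. The `router.route('/password/:token')` chain and any middleware on it start outside this hunk, so an earlier check there would not be visible here.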