Merge pull request #3556 from STRML/fix/validatePassword

fix(validatePassword): Reword password too long error.
Miroslav Bajtoš 2017-08-16 15:53:58 +02:00 committed by GitHub
commit bc8778908e
2 changed files with 20 additions and 14 deletions


@ -16,6 +16,8 @@ var path = require('path');
var qs = require('querystring'); var qs = require('querystring');
var SALT_WORK_FACTOR = 10; var SALT_WORK_FACTOR = 10;
var crypto = require('crypto'); var crypto = require('crypto');
// bcrypt's max length is 72 bytes;
// See https://github.com/kelektiv/node.bcrypt.js/blob/45f498ef6dc6e8234e58e07834ce06a50ff16352/src/node_blf.h#L59
var MAX_PASSWORD_LENGTH = 72; var MAX_PASSWORD_LENGTH = 72;
var bcrypt; var bcrypt;
try { try {
@ -993,18 +995,22 @@ module.exports = function(User) {
User.validatePassword = function(plain) { User.validatePassword = function(plain) {
var err; var err;
if (plain && typeof plain === 'string' && plain.length <= MAX_PASSWORD_LENGTH) { if (!plain || typeof plain !== 'string') {
return true; err = new Error(g.f('Invalid password.'));
}
if (plain.length > MAX_PASSWORD_LENGTH) {
err = new Error(g.f('Password too long: %s', plain));
err.code = 'PASSWORD_TOO_LONG';
} else {
err = new Error(g.f('Invalid password: %s', plain));
err.code = 'INVALID_PASSWORD'; err.code = 'INVALID_PASSWORD';
err.statusCode = 422;
throw err;
}
// Bcrypt only supports up to 72 bytes; the rest is silently dropped.
var len = Buffer.byteLength(plain, 'utf8');
if (len > MAX_PASSWORD_LENGTH) {
err = new Error(g.f('The password entered was too long. Max length is %d (entered %d)',
MAX_PASSWORD_LENGTH, len));
err.code = 'PASSWORD_TOO_LONG';
err.statusCode = 422;
throw err;
} }
err.statusCode = 422;
throw err;
}; };
User._invalidateAccessTokensOfUsers = function(userIds, options, cb) { User._invalidateAccessTokensOfUsers = function(userIds, options, cb) {
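Review bot: The success path of the rewritten `validatePassword` no longer returns a value — the old body returned `true` once the password passed the type and length checks, while the new body falls off the end after the byte-length check and yields `undefined`. Any caller that tests the result instead of relying on the throw (none is visible in this hunk, so this is a contract concern rather than a confirmed breakage) would now treat every valid password as invalid; adding `return true;` after the closing brace of the `len > MAX_PASSWORD_LENGTH` block restores the previous contract at no cost. Measuring with `Buffer.byteLength(plain, 'utf8')` is the right check here, since bcrypt's limit is 72 bytes and a `.length` comparison would let multi-byte UTF-8 passwords through to be silently truncated; a one-line JSDoc above the function, `/** Throws a 422 error (INVALID_PASSWORD / PASSWORD_TOO_LONG) unless `plain` is a non-empty string of at most MAX_PASSWORD_LENGTH UTF-8 bytes. */`, would make the throw-based contract explicit. The enclosing `module.exports = function(User)` starts before and ends after this hunk.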


@ -430,7 +430,7 @@ describe('User', function() {
var u = new User({username: 'foo', password: pass73Char}); var u = new User({username: 'foo', password: pass73Char});
assert(false, 'Error should have been thrown'); assert(false, 'Error should have been thrown');
} catch (e) { } catch (e) {
expect(e).to.match(/Password too long/); expect(e).to.match(/password entered was too long/);
done(); done();
} }
}); });
@ -462,7 +462,7 @@ describe('User', function() {
if (err) return done(err); if (err) return done(err);
User.resetPassword({email: 'b@c.com', password: pass73Char}, function(err) { User.resetPassword({email: 'b@c.com', password: pass73Char}, function(err) {
assert(err); assert(err);
expect(err).to.match(/Password too long/); expect(err).to.match(/password entered was too long/);
done(); done();
}); });
}); });
@ -474,7 +474,7 @@ describe('User', function() {
.then( .then(
success => { throw new Error('changePassword should have failed'); }, success => { throw new Error('changePassword should have failed'); },
err => { err => {
expect(err.message).to.match(/Password too long/); expect(err.message).to.match(/password entered was too long/);
// workaround for chai problem // workaround for chai problem
// object tested must be an array, an object, or a string, // object tested must be an array, an object, or a string,
@ -493,7 +493,7 @@ describe('User', function() {
.then( .then(
success => { throw new Error('setPassword should have failed'); }, success => { throw new Error('setPassword should have failed'); },
err => { err => {
expect(err.message).to.match(/Password too long/); expect(err.message).to.match(/password entered was too long/);
// workaround for chai problem // workaround for chai problem
// object tested must be an array, an object, or a string, // object tested must be an array, an object, or a string,