mirror of
https://github.com/iv-org/invidious.git
synced 2024-12-22 08:09:51 +05:30
Only check invalid size passwords on register
This commit is contained in:
parent
7e558c5b1d
commit
c912e63fb5
@ -803,17 +803,6 @@ post "/login" do |env|
|
||||
next templated "error"
|
||||
end
|
||||
|
||||
if password.empty?
|
||||
error_message = "Password cannot be empty"
|
||||
next templated "error"
|
||||
end
|
||||
|
||||
# See https://security.stackexchange.com/a/39851
|
||||
if password.size > 55
|
||||
error_message = "Password cannot be longer than 55 characters"
|
||||
next templated "error"
|
||||
end
|
||||
|
||||
if !challenge_response || !token
|
||||
error_message = "CAPTCHA is a required field"
|
||||
next templated "error"
|
||||
@ -856,6 +845,17 @@ post "/login" do |env|
|
||||
next templated "error"
|
||||
end
|
||||
elsif action == "register"
|
||||
if password.empty?
|
||||
error_message = "Password cannot be empty"
|
||||
next templated "error"
|
||||
end
|
||||
|
||||
# See https://security.stackexchange.com/a/39851
|
||||
if password.size > 55
|
||||
error_message = "Password cannot be longer than 55 characters"
|
||||
next templated "error"
|
||||
end
|
||||
|
||||
user = PG_DB.query_one?("SELECT * FROM users WHERE LOWER(email) = LOWER($1) AND password IS NOT NULL", email, as: User)
|
||||
if user
|
||||
error_message = "Please sign in"
|
||||
|
Loading…
Reference in New Issue
Block a user