enforce a configurable minimum password length when registering

2017-09-07 17:43:58 +02:00
parent ef30b0bc42
commit bca9ba66cb
5 changed files with 25 additions and 2 deletions
--- a/www/common/credential.js
+++ b/www/common/credential.js
@@ -5,6 +5,13 @@ define([
    var Cred = {};
    var Scrypt = window.scrypt;

+    Cred.MINIMUM_PASSWORD_LENGTH = typeof(AppConfig.minimum_password_length) === 'number'?
+        AppConfig.minimum_password_length: 8;
+
+    Cred.isLongEnoughPassword = function (passwd) {
+        return passwd.length >= Cred.MINIMUM_PASSWORD_LENGTH;
+    };
+
    var isString = Cred.isString = function (x) {
        return typeof(x) === 'string';
    };
--- a/www/common/login.js
+++ b/www/common/login.js
@@ -88,6 +88,7 @@ define([
        // validate inputs
        if (!Cred.isValidUsername(uname)) { return void cb('INVAL_USER'); }
        if (!Cred.isValidPassword(passwd)) { return void cb('INVAL_PASS'); }
+        if (!Cred.isLongEnoughPassword(passwd)) { return void cb('PASS_TOO_SHORT'); }

        Cred.deriveFromPassphrase(uname, passwd, 128, function (bytes) {
            // results...