Adding a password length check to other API actions. (#1474)

* Adding a password length check to other API actions. - Fixes #1473 * Fixing comment.
3 years ago · 134fece36d
parent e78ba38e94
commit 134fece36d
2 changed files with 15 additions and 4 deletions
--- a/crates/api/src/lib.rs
+++ b/crates/api/src/lib.rs
@ -465,6 +465,15 @@ pub(crate) fn espeak_wav_base64(text: &str) -> Result<String, LemmyError> {
  Ok(base64)
 }

+/// Checks the password length
+pub(crate) fn password_length_check(pass: &str) -> Result<(), LemmyError> {
+  if pass.len() > 60 {
+    Err(ApiError::err("invalid_password").into())
+  } else {
+    Ok(())
+  }
+}
+
 #[cfg(test)]
 mod tests {
  use crate::captcha_espeak_wav_base64;
--- a/crates/api/src/user.rs
+++ b/crates/api/src/user.rs
@ -4,6 +4,7 @@ use crate::{
  get_user_from_jwt,
  get_user_from_jwt_opt,
  is_admin,
+  password_length_check,
  Perform,
 };
 use actix_web::web::Data;
@ -144,10 +145,7 @@ impl Perform for Register {
      }
    }

-    // Password length check
-    if data.password.len() > 60 {
-      return Err(ApiError::err("invalid_password").into());
-    }
+    password_length_check(&data.password)?;

    // Make sure passwords match
    if data.password != data.password_verify {
@ -390,6 +388,8 @@ impl Perform for SaveUserSettings {
      Some(new_password) => {
        match &data.new_password_verify {
          Some(new_password_verify) => {
+            password_length_check(&new_password)?;
+
            // Make sure passwords match
            if new_password != new_password_verify {
              return Err(ApiError::err("passwords_dont_match").into());
@ -989,6 +989,8 @@ impl Perform for PasswordChange {
    })
    .await??;

+    password_length_check(&data.password)?;
+
    // Make sure passwords match
    if data.password != data.password_verify {
      return Err(ApiError::err("passwords_dont_match").into());