mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-21 17:26:29 -05:00
refactor(backend): don't create local user if password is too weak
This prevents the previous problem that the backend created a user that was then not correctly removed again Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
parent
45e70434c4
commit
47d1765b12
2 changed files with 3 additions and 2 deletions
|
@ -58,6 +58,7 @@ export class AuthController {
|
|||
@Req() request: RequestWithSession,
|
||||
@Body() registerDto: RegisterDto,
|
||||
): Promise<void> {
|
||||
await this.identityService.checkPasswordStrength(registerDto.password);
|
||||
const user = await this.usersService.createUser(
|
||||
registerDto.username,
|
||||
registerDto.displayName,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
|
||||
* SPDX-FileCopyrightText: 2023 The HedgeDoc developers (see AUTHORS file)
|
||||
*
|
||||
* SPDX-License-Identifier: AGPL-3.0-only
|
||||
*/
|
||||
|
@ -197,7 +197,7 @@ export class IdentityService {
|
|||
* @param {string} password - the password to check
|
||||
* @throws {PasswordTooWeakError} the password is too weak
|
||||
*/
|
||||
private async checkPasswordStrength(password: string): Promise<void> {
|
||||
async checkPasswordStrength(password: string): Promise<void> {
|
||||
const result = await zxcvbnAsync(password);
|
||||
if (result.score < this.authConfig.local.minimalPasswordStrength) {
|
||||
throw new PasswordTooWeakError();
|
||||
|
|
Loading…
Reference in a new issue