mirrors/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-08-28 23:48:31 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update authentication.cr

Browse Source
This commit is contained in:
Ryan G 2023-06-12 19:21:27 -07:00
parent 9e120472cf
commit 4835ed314b
1 changed files with 26 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/invidious/routes/api/v1/authentication.cr
View File

@ -19,16 +19,35 @@ module Invidious::Routes::API::V1::Authentication
if creds if creds
# user is registering # user is registering
password = creds.password
username = creds.username username = creds.username
if creds.password.empty? password = creds.password
return error_json(401, "Password cannot be empty")
end if username.nil? || username.empty?
# See https://security.stackexchange.com/a/39851 return error_json(401, "User ID is a required field")
if creds.password.bytesize > 55
return error_json(400, "Password cannot be longer than 55 characters")
end end
if password.nil? || password.empty?
return error_json(401, "Password is a required field")
end
if username.empty?
return error_json(401, "Username cannot be empty")
end
if password.empty?
return error_json(401, "Password cannot be empty")
end
if username.bytesize > 254
return error_json(401)
end
# See https://security.stackexchange.com/a/39851
if password.bytesize > 55
return error_json(401, "Password cannot be longer than 55 characters")
end
username = username.byte_slice(0, 254)
password = password.byte_slice(0, 55) password = password.byte_slice(0, 55)
if CONFIG.captcha_enabled if CONFIG.captcha_enabled