From c912e63fb5ba686125f13af4a83be695fcdf72e6 Mon Sep 17 00:00:00 2001 From: Omar Roth Date: Sun, 4 Nov 2018 08:30:16 -0600 Subject: [PATCH] Only check invalid size passwords on register --- src/invidious.cr | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/invidious.cr b/src/invidious.cr index 2c26e24b..34c9384f 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -803,17 +803,6 @@ post "/login" do |env| next templated "error" end - if password.empty? - error_message = "Password cannot be empty" - next templated "error" - end - - # See https://security.stackexchange.com/a/39851 - if password.size > 55 - error_message = "Password cannot be longer than 55 characters" - next templated "error" - end - if !challenge_response || !token error_message = "CAPTCHA is a required field" next templated "error" @@ -856,6 +845,17 @@ post "/login" do |env| next templated "error" end elsif action == "register" + if password.empty? + error_message = "Password cannot be empty" + next templated "error" + end + + # See https://security.stackexchange.com/a/39851 + if password.size > 55 + error_message = "Password cannot be longer than 55 characters" + next templated "error" + end + user = PG_DB.query_one?("SELECT * FROM users WHERE LOWER(email) = LOWER($1) AND password IS NOT NULL", email, as: User) if user error_message = "Please sign in"