diff options
author | guillep2k <18600385+guillep2k@users.noreply.github.com> | 2019-11-19 21:07:51 -0300 |
---|---|---|
committer | zeripath <art27@cantab.net> | 2019-11-20 00:07:51 +0000 |
commit | e4ec32de2eee4ae320ef8e2f9a68a39ad607f548 (patch) | |
tree | 00c9ce1a5a91fc33601eeebe56d39c979d92e020 /routers/admin | |
parent | 4a357f4188ee037d5279d198356af71a8ca102bc (diff) | |
download | gitea-e4ec32de2eee4ae320ef8e2f9a68a39ad607f548.tar.gz gitea-e4ec32de2eee4ae320ef8e2f9a68a39ad607f548.zip |
Fix password checks on admin create/edit user (#9076)
* Fix password checks on admin create/edit user
* Remove incorrect trimspace
Diffstat (limited to 'routers/admin')
-rw-r--r-- | routers/admin/users.go | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/routers/admin/users.go b/routers/admin/users.go index 7626fbc0d0..b5c7dbd383 100644 --- a/routers/admin/users.go +++ b/routers/admin/users.go @@ -94,8 +94,14 @@ func NewUserPost(ctx *context.Context, form auth.AdminCreateUserForm) { u.LoginName = form.LoginName } } - if u.LoginType == models.LoginPlain { + if u.LoginType == models.LoginNoType || u.LoginType == models.LoginPlain { + if len(form.Password) < setting.MinPasswordLength { + ctx.Data["Err_Password"] = true + ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplUserNew, &form) + return + } if !password.IsComplexEnough(form.Password) { + ctx.Data["Err_Password"] = true ctx.RenderWithErr(password.BuildComplexityError(ctx), tplUserNew, &form) return } @@ -203,14 +209,19 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) { if len(form.Password) > 0 { var err error - if u.Salt, err = models.GetUserSalt(); err != nil { - ctx.ServerError("UpdateUser", err) + if len(form.Password) < setting.MinPasswordLength { + ctx.Data["Err_Password"] = true + ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplUserEdit, &form) return } if !password.IsComplexEnough(form.Password) { ctx.RenderWithErr(password.BuildComplexityError(ctx), tplUserEdit, &form) return } + if u.Salt, err = models.GetUserSalt(); err != nil { + ctx.ServerError("UpdateUser", err) + return + } u.HashPassword(form.Password) } |