Michelle/redlight
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity

feat: enforce maximum password length of 64 characters in user registration and password update
Build & Push Docker Image / build (push) Successful in 4m19s
Details

Browse Source
This commit is contained in:
Michelle
2026-04-25 20:30:29 +02:00
parent de696d422a
commit 45fdbe4883
5 changed files with 82 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/routes/admin.js
+6
View File
@@ -38,6 +38,9 @@ router.post('/users', authenticateToken, requireAdmin, async (req, res) => {
if (password.length < 8) {
return res.status(400).json({ error: 'Password must be at least 8 characters long' });
}
if (password.length > 64) {
return res.status(400).json({ error: 'Password must not exceed 64 characters' });
}
// M9: email format validation
if (!EMAIL_RE.test(email)) {
@@ -160,6 +163,9 @@ router.put('/users/:id/password', authenticateToken, requireAdmin, async (req, r
if (!newPassword || typeof newPassword !== 'string' || newPassword.length < 8) {
return res.status(400).json({ error: 'Password must be at least 8 characters long' });
}
if (newPassword.length > 64) {
return res.status(400).json({ error: 'Password must not exceed 64 characters' });
}
const db = getDb();
const hash = await bcrypt.hash(newPassword, 12);