fix: login with weak password

5 years ago · 9d074731f4
parent b9679df784
commit 9d074731f4
2 changed files with 15 additions and 2 deletions
--- a/src/user/create.js
+++ b/src/user/create.js
@ -127,7 +127,7 @@ module.exports = function (User) {
 	};

 	User.isPasswordValid = function (password, minStrength) {
-		minStrength = minStrength || meta.config.minimumPasswordStrength;
+		minStrength = (minStrength || minStrength === 0) ? minStrength : meta.config.minimumPasswordStrength;

 		// Sanity checks: Checks if defined and is string
 		if (!password || !utils.isPasswordValid(password)) {
--- a/test/user.js
+++ b/test/user.js
@ -1519,7 +1519,7 @@ describe('User', function () {

 		it('should save user settings', function (done) {
 			var data = {
-				uid: 1,
+				uid: testUid,
 				settings: {
 					bootswatchSkin: 'default',
 					homePageRoute: 'none',
@ -2191,4 +2191,17 @@ describe('User', function () {
 			done();
 		});
 	});
+
+	it('should allow user to login even if password is weak', function (done) {
+		User.create({ username: 'weakpwd', password: '123456' }, function (err) {
+			assert.ifError(err);
+			const oldValue = meta.config.minimumPasswordStrength;
+			meta.config.minimumPasswordStrength = 3;
+			helpers.loginUser('weakpwd', '123456', function (err, jar, csrfs_token) {
+				assert.ifError(err);
+				meta.config.minimumPasswordStrength = oldValue;
+				done();
+			});
+		});
+	});
 });