closes #5621

8 years ago · fa13e9acc0
parent 081578c7f4
commit fa13e9acc0
1 changed files with 8 additions and 3 deletions
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@ -344,10 +344,15 @@ authenticationController.localLogin = function (req, username, password, next) {
 	var uid;
 	var userData = {};

+	if (!password || !utils.isPasswordValid(password)) {
+		return next(new Error('[[error:invalid-password]]'));
+	}
+
+	if (password.length > 4096) {
+		return next(new Error('[[error:password-too-long]]'));
+	}
+
 	async.waterfall([
-		function (next) {
-			user.isPasswordValid(password, next);
-		},
 		function (next) {
 			user.getUidByUserslug(userslug, next);
 		},