22 Commits (67282057e7965ced445b0b0c0a1fd0142b2c751a)

Author SHA1 Message Date
Peter Jaszkowiak dab3b23575 chore: eslint no-var, vars-on-top 4 years ago
Peter Jaszkowiak 707b55b6a5 chore: eslint prefer-template 4 years ago
Barış Soner Uşaklı dadb2527da fix: #8974, with password login for approval queue 5 years ago
Julian Lam 512f6de6de
feat: allow passwords with length > 73 characters (#8818)
* feat: allow passwords longer than 73 characters

Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.

https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords

* feat: add additional test for passwords > 73 chars

* fix: remove 'password-too-long' error message and all invocations

* test: added test to show that a super long password won't bring down NodeBB

* fix: remove debug log

* Revert "fix: remove 'password-too-long' error message and all invocations"

This reverts commit 1e312bf7ef7e119fa0f1bd3517d756ca013d5e79.

* fix: added back password length checks, but at 512 chars

As processing a large string still uses a lot of memory
5 years ago
Barış Soner Uşaklı 4818ec377e fix: missing await 5 years ago
Barış Soner Uşaklı f6d7a24a67 fix: don't check password strength on login 5 years ago
Barış Soner Uşaklı 22f8011686 refactor: remove async from isPasswordValid, function is sync 6 years ago
Barış Soner Uşaklı cd80c2638c feat: #7743
user/password
user/picture
6 years ago
Barış Soner Uşaklı 25fed0aa8d change isPasswordCorrect to return false if user does not have password 7 years ago
Julian Lam 3c6c0ed7a1 restoring passwordExpiry for use in continueLogin, fixed tests, hopefully 7 years ago
Julian Lam b6a5419ca1 closes #6674 7 years ago
Julian Lam 7558046e75 add brute-force protection for change password and email actions 7 years ago
Julian Lam 9641ada53c fixes #6415 7 years ago
Barış Soner Uşaklı f6ac92111b style changes 8 years ago
Peter Jaszkowiak 3b0dd2d1ef ESlint padded-blocks 8 years ago
Peter Jaszkowiak feb8405f95 ESlint eol-last 8 years ago
Peter Jaszkowiak bc1d70c126 ESlint comma-dangle 8 years ago
HeeL 4a3c31b2dc Fix space-before-function-paren linter rule 9 years ago
psychobunny b8eb19b991 closes #3993 9 years ago
barisusakli 005db18120 closes #4041 10 years ago
barisusakli 28ae101d90 allow changing username if user has no password set, i.e. SSO login 10 years ago
barisusakli 7854e67b7b closes #1637 10 years ago