Julian Lam 512f6de6de
feat: allow passwords with length > 73 characters (#8818)
* feat: allow passwords longer than 73 characters

Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.

https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords

* feat: add additional test for passwords > 73 chars

* fix: remove 'password-too-long' error message and all invocations

* test: added test to show that a super long password won't bring down NodeBB

* fix: remove debug log

* Revert "fix: remove 'password-too-long' error message and all invocations"

This reverts commit 1e312bf7ef7e119fa0f1bd3517d756ca013d5e79.

* fix: added back password length checks, but at 512 chars

As processing a large string still uses a lot of memory
4 years ago
..
database fix: redis hget 4 years ago
files fix: #8352, remove webfonts (#8354) 5 years ago
helpers fix: vulnerability in cover and admin uploads (#8419) 5 years ago
mocks chore: add info log into tests 4 years ago
.eslintrc ESlint no-unused-vars 8 years ago
api.js fix: breaking test from 0db0231cff 4 years ago
authentication.js fix(writeapi): tests 4 years ago
batch.js Async refactor in place (#7736) 6 years ago
blacklist.js fix(deps): update to eslint@6 6 years ago
build.js Remove sounds (#8617) 4 years ago
categories.js fix: missing await 5 years ago
controllers-admin.js Admin/users (#8762) 4 years ago
controllers.js refactor: setupApiRoute signature 4 years ago
coverPhoto.js fix: #7116 6 years ago
database.js fix: db info page 6 years ago
defer-logger.js upgrade to winston 3.1, closes #6590 (#6838) 6 years ago
emailer.js fixed tests, closes #6371 7 years ago
feeds.js feat: add privilege give/rescind hooks (#8336) 5 years ago
file.js fix: vulnerability in cover and admin uploads (#8419) 5 years ago
flags.js feat: additional tests for #8569 5 years ago
groups.js fix: allow admins adding users to global moderators 4 years ago
image.js up deps 8 years ago
locale-detect.js fix: #7038, autoLocale logic not playing nicely with no-refresh auths (#7059) 6 years ago
messaging.js feat: option in ACP to configure notification/email delay for chats 4 years ago
meta.js Remove sounds (#8617) 4 years ago
notifications.js fix: tests 5 years ago
package-install.js fix: #8547, remove old deps during upgrade (#8557) 5 years ago
pagination.js ESlint object-curly-spacing 8 years ago
password.js feat: allow passwords with length > 73 characters (#8818) 4 years ago
plugins-installed.js feat: move plugin tests to separate file 5 years ago
plugins.js Revert "fix: bypass nbbpm for now" 4 years ago
posts.js feat: edit test 4 years ago
pubsub.js fix: #8474 5 years ago
rewards.js fix: change params 5 years ago
search-admin.js style(eslint): match operator-linebreak preferences 6 years ago
search.js feat: add privilege give/rescind hooks (#8336) 5 years ago
settings.js more settings tests 6 years ago
socket.io.js refactor: move groups.leave, fix some tests 4 years ago
template-helpers.js feat: more discrete commit-on-save instead of commit-on-change w/ confirm modals (#8541) 5 years ago
topics.js feat: #3783, min/max tags per category 5 years ago
translator.js fix: #7974 (#7976) 5 years ago
upgrade.js feat: force upgrade scripts for test 4 years ago
uploads.js Remove sounds (#8617) 4 years ago
user.js feat: allow passwords with length > 73 characters (#8818) 4 years ago
utils.js feat: add checkbox tests 4 years ago