nodebb

History

Julian Lam 512f6de6de feat: allow passwords with length > 73 characters (#8818 ) * feat: allow passwords longer than 73 characters Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security by hashing all incoming passwords with SHA512, and then sending that to bcrypt. https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords * feat: add additional test for passwords > 73 chars * fix: remove 'password-too-long' error message and all invocations * test: added test to show that a super long password won't bring down NodeBB * fix: remove debug log * Revert "fix: remove 'password-too-long' error message and all invocations" This reverts commit 1e312bf7ef7e119fa0f1bd3517d756ca013d5e79. * fix: added back password length checks, but at 512 chars As processing a large string still uses a lot of memory		4 years ago
..
database	fix: redis hget	5 years ago
files	fix: #8352 , remove webfonts (#8354 )	5 years ago
helpers	fix: vulnerability in cover and admin uploads (#8419 )	5 years ago
mocks	chore: add info log into tests	4 years ago
.eslintrc	ESlint no-unused-vars	8 years ago
api.js	fix: breaking test from `0db0231cff`	4 years ago
authentication.js	fix(writeapi): tests	5 years ago
batch.js	Async refactor in place (#7736 )	6 years ago
blacklist.js	fix(deps): update to eslint@6	6 years ago
build.js	Remove sounds (#8617 )	5 years ago
categories.js	fix: missing await	5 years ago
controllers-admin.js	Admin/users (#8762 )	5 years ago
controllers.js	refactor: setupApiRoute signature	5 years ago
coverPhoto.js	fix: #7116	6 years ago
database.js	fix: db info page	6 years ago
defer-logger.js	upgrade to winston 3.1, closes #6590 (#6838 )	7 years ago
emailer.js	fixed tests, closes #6371	7 years ago
feeds.js	feat: add privilege give/rescind hooks (#8336 )	5 years ago
file.js	fix: vulnerability in cover and admin uploads (#8419 )	5 years ago
flags.js	feat: additional tests for #8569	5 years ago
groups.js	fix: allow admins adding users to global moderators	5 years ago
image.js	up deps	8 years ago
locale-detect.js	fix: #7038 , autoLocale logic not playing nicely with no-refresh auths (#7059 )	6 years ago
messaging.js	feat: option in ACP to configure notification/email delay for chats	5 years ago
meta.js	Remove sounds (#8617 )	5 years ago
notifications.js	fix: tests	5 years ago
package-install.js	fix: #8547 , remove old deps during upgrade (#8557 )	5 years ago
pagination.js	ESlint object-curly-spacing	8 years ago
password.js	feat: allow passwords with length > 73 characters (#8818 )	4 years ago
plugins-installed.js	feat: move plugin tests to separate file	5 years ago
plugins.js	Revert "fix: bypass nbbpm for now"	5 years ago
posts.js	feat: edit test	5 years ago
pubsub.js	fix: #8474	5 years ago
rewards.js	fix: change params	6 years ago
search-admin.js	style(eslint): match operator-linebreak preferences	6 years ago
search.js	feat: add privilege give/rescind hooks (#8336 )	5 years ago
settings.js	more settings tests	7 years ago
socket.io.js	refactor: move groups.leave, fix some tests	5 years ago
template-helpers.js	feat: more discrete commit-on-save instead of commit-on-change w/ confirm modals (#8541 )	5 years ago
topics.js	feat: #3783 , min/max tags per category	5 years ago
translator.js	fix: #7974 (#7976 )	6 years ago
upgrade.js	feat: force upgrade scripts for test	5 years ago
uploads.js	Remove sounds (#8617 )	5 years ago
user.js	feat: allow passwords with length > 73 characters (#8818 )	4 years ago
utils.js	feat: add checkbox tests	5 years ago