Diffstat (limited to 'src/api/private')
-rw-r--r--src/api/private/signin.ts10
-rw-r--r--src/api/private/signup.ts4
2 files changed, 12 insertions, 2 deletions
diff --git a/src/api/private/signin.ts b/src/api/private/signin.ts
index 14dd1c7058..fe3b5f7084 100644
--- a/src/api/private/signin.ts
+++ b/src/api/private/signin.ts
@@ -12,6 +12,16 @@ export default async (req: express.Request, res: express.Response) => {
const username = req.body['username'];
const password = req.body['password'];
+ if (typeof username != 'string') {
+ res.sendStatus(400);
+ return;
+ }
+
+ if (typeof password != 'string') {
+ res.sendStatus(400);
+ return;
+ }
+
// Fetch user
const user = await User.findOne({
username_lower: username.toLowerCase()
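Review bot: The two added guards use loose `!=` and repeat the same 400 branch; since `typeof` always yields a string the result is the same, but one strict check matches common lint rules and is easier to scan: `if (typeof username !== 'string' || typeof password !== 'string') {`. A comment above it would record why the guard exists, for example `// req.body fields may be arrays or objects depending on the body parser; reject non-strings before toLowerCase() and the user lookup`. The body-parser configuration is not visible here, so that wording should be confirmed against the app setup. The handler's body continues outside the hunk.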
diff --git a/src/api/private/signup.ts b/src/api/private/signup.ts
index 73e04f8b37..bd2a7ef02a 100644
--- a/src/api/private/signup.ts
+++ b/src/api/private/signup.ts
@@ -3,7 +3,7 @@ import * as bcrypt from 'bcryptjs';
import rndstr from 'rndstr';
import recaptcha = require('recaptcha-promise');
import User from '../models/user';
-import { validateUsername } from '../models/user';
+import { validateUsername, validatePassword } from '../models/user';
import serialize from '../serializers/user';
import config from '../../conf';
@@ -34,7 +34,7 @@ export default async (req: express.Request, res: express.Response) => {
}
// Validate password
- if (password == '') {
+ if (!validatePassword(password)) {
res.sendStatus(400);
return;
}
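Review bot: Rejection of a non-string `password` in this handler now rests entirely on `validatePassword`, whose body is not part of this diff, whereas signin.ts in the same commit gets explicit `typeof` guards. If `validatePassword` does not check the type itself, the condition could be `if (typeof password !== 'string' || !validatePassword(password)) {` so that both endpoints reject malformed bodies the same way. The existing comment could also state what is enforced, for example `// Validate password (type and policy, see validatePassword in models/user)`. The handler starts and ends outside the hunk.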