vikunja/pkg
kolaente ac87035742
fix(auth): restrict max password length to 72 bytes
Bcrypt allows a maximum of 72 bytes. This is part of the algorithm and not something we could change in Vikunja. The solution here was to restrict the password during registration to a max length of 72 bytes. In the future, this should be changed to hash passwords with sha512 or similar before hashing them with bcrypt. Because they should also be salted in that case, and because of the added complexity during the migration phase, this was not implemented yet.
The change in this commit only improves the error handling to return an input error instead of a server error when the user enters a password > 72 bytes.

Resolves https://vikunja.sentry.io/share/issue/e8e0b64612d84504942feee002ac498a/

(cherry picked from commit 44a43b9f86)
2024-09-20 14:25:46 +02:00
caldav fix(caldav): make sure colors are correctly saved and returned 2024-09-20 14:22:47 +02:00
cmd fix(deps): update golangci 2024-09-20 14:20:56 +02:00
config feat(teams): add public flags to teams to allow easier sharing with other teams (#2179) 2024-03-10 14:04:32 +00:00
cron chore: remove year from copyright headers 2023-09-01 08:32:28 +02:00
db fix(subscriptions): correctly inherit subscriptions 2024-09-20 14:22:33 +02:00
events chore(deps): update golangci-lint rules 2023-12-19 13:34:31 +01:00
files fix(files): use absolute path everywhere 2024-09-20 14:25:02 +02:00
initialize chore(auth): refactor removing empty openid teams to cron job 2024-03-11 17:20:05 +01:00
integrations chore(web): move web handler package to Vikunja 2024-09-20 14:22:08 +02:00
log chore(mail): update logger to new interface 2024-06-18 12:42:43 +00:00
mail fix(mail): do not fail testmail command when the connection could not be closed. 2024-08-12 20:16:54 +02:00
metrics chore(web): move web handler package to Vikunja 2024-09-20 14:22:08 +02:00
migration fix: add info log message when starting to run migrations 2024-07-05 10:26:26 +02:00
models fix(label): ignore existing ID during creation 2024-09-20 14:25:39 +02:00
modules fix(files): use absolute path everywhere 2024-09-20 14:25:02 +02:00
notifications fix(notifications): rendering of plaintext mails 2024-04-07 14:12:44 +02:00
red chore: remove year from copyright headers 2023-09-01 08:32:28 +02:00
routes fix(caldav): reject invalid project id with error 400 2024-09-20 14:25:41 +02:00
swagger [skip ci] Updated swagger docs 2024-09-20 14:25:27 +02:00
user fix(auth): restrict max password length to 72 bytes 2024-09-20 14:25:46 +02:00
utils fix(subscriptions): cleanup and simplify fetching subscribers for tasks and projects logic 2024-09-20 14:22:37 +02:00
version fix(build): don't require swagger to build 2023-09-06 21:08:09 +02:00
web chore(web): always set internal error 2024-09-20 14:22:28 +02:00