| author | Daniel Friesel <derf@finalrewind.org> | 2022-03-07 18:12:43 +0100 | 
|---|---|---|
| committer | Daniel Friesel <derf@finalrewind.org> | 2022-03-07 18:12:43 +0100 | 
| commit | 13b4572a2f58231272c7f40add706d561ecf4855 (patch) | |
| tree | 4835dc1793969445ae9d4209380bce1b21803e1a | |
| parent | e2e33de7e1cb82b89cc0b19f9a022787eec98916 (diff) | |
limit password length to 10000 characters
that should be sufficient…
| -rwxr-xr-x | lib/Travelynx.pm | 2 | ||||
| -rw-r--r-- | lib/Travelynx/Controller/Account.pm | 2 | ||||
| -rw-r--r-- | templates/change_password.html.ep | 4 | ||||
| -rw-r--r-- | templates/register.html.ep | 4 | 
4 files changed, 6 insertions, 6 deletions
| diff --git a/lib/Travelynx.pm b/lib/Travelynx.pm
index 49c1399..eec16ca 100755
--- a/lib/Travelynx.pm
+++ b/lib/Travelynx.pm
@@ -36,7 +36,7 @@ use XML::LibXML;
 sub check_password {
 	my ( $password, $hash ) = @_;
-	if ( bcrypt( $password, $hash ) eq $hash ) {
+	if ( bcrypt( substr( $password, 0, 10000 ), $hash ) eq $hash ) {
 		return 1;
 	}
 	return 0;
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index 0435d51..97ea8ad 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -13,7 +13,7 @@ sub hash_password {
 	my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
 	my $salt       = en_base64( pack( 'C[16]', @salt_bytes ) );
-	return bcrypt( $password, '$2a$12$' . $salt );
+	return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
 }
 sub make_token {
diff --git a/templates/change_password.html.ep b/templates/change_password.html.ep
index 29aa621..c49226a 100644
--- a/templates/change_password.html.ep
+++ b/templates/change_password.html.ep
@@ -15,12 +15,12 @@
 	<div class="row">
 		<div class="input-field col l6 m12 s12">
 			<i class="material-icons prefix">lock</i>
-			%= password_field 'newpw', id => 'password', class => 'validate', required => undef, minlength => 8, autocomplete => 'new-password'
+			%= password_field 'newpw', id => 'password', class => 'validate', required => undef, minlength => 8, maxlength => 10000, autocomplete => 'new-password'
 			<label for="password">Neues Passwort</label>
 		</div>
 		<div class="input-field col l6 m12 s12">
 			<i class="material-icons prefix">lock</i>
-			%= password_field 'newpw2', id => 'password2', class => 'validate', required => undef, minlength => 8, autocomplete => 'new-password'
+			%= password_field 'newpw2', id => 'password2', class => 'validate', required => undef, minlength => 8, maxlength => 10000, autocomplete => 'new-password'
 			<label for="password2">Passwort wiederholen</label>
 		</div>
 	</div>
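Review bot: The `substr( $password, 0, 10000 )` in the `if` condition of `check_password` truncates overlong input silently instead of rejecting it, so a login attempt with an oversized password is still hashed and can succeed on its prefix. An explicit guard such as `return 0 if length($password) > 10000;` ahead of the bcrypt call makes the limit visible, and it has to live on the server because the `maxlength` attributes added in the templates are only enforced by the browser. The same truncation is added to `hash_password` in lib/Travelynx/Controller/Account.pm, where the registration and password-change handlers could report an error rather than store a hash of a shortened password. The literal 10000 is now repeated in two modules and four form fields; a shared constant would keep them consistent. The closing brace of `check_password` lies outside the hunk.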
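Review bot: The salt in the context lines of `hash_password` is built from `rand`, which is Perl's non-cryptographic generator, and `int( rand(255) ) + 1` only yields bytes 1–255, so a zero byte never occurs. A bcrypt salt has to be unique rather than secret, so the impact is limited, but drawing the 16 bytes from the operating system's CSPRNG (for example reading them from `/dev/urandom`, or `Crypt::URandom::urandom(16)` if a new dependency is acceptable) removes the question. The start of `hash_password`, including how `$password` is unpacked, is outside the hunk.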
diff --git a/templates/register.html.ep b/templates/register.html.ep
index c27b591..7aba55a 100644
--- a/templates/register.html.ep
+++ b/templates/register.html.ep
@@ -17,12 +17,12 @@
 		</div>
 		<div class="input-field col l6 m12 s12">
 			<i class="material-icons prefix">lock</i>
-			%= password_field 'password', id => 'password', class => 'validate', required => undef, minlength => 8, autocomplete => 'new-password'
+			%= password_field 'password', id => 'password', class => 'validate', required => undef, minlength => 8, maxlength => 10000, autocomplete => 'new-password'
 			<label for="password">Passwort</label>
 		</div>
 		<div class="input-field col l6 m12 s12">
 			<i class="material-icons prefix">lock</i>
-			%= password_field 'password2', id => 'password2', class => 'validate', required => undef, minlength => 8, autocomplete => 'new-password'
+			%= password_field 'password2', id => 'password2', class => 'validate', required => undef, minlength => 8, maxlength => 10000, autocomplete => 'new-password'
 			<label for="password2">Passwort wiederholen</label>
 		</div>
 	</div> | 
