Updated fix for issue 195

https://github.com/ava-labs/gecko/issues/195
Shashank 2020-06-03 14:08:57 +05:30 committed by GitHub
parent 8e8dd7529b
commit 6dc67bbf70
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 10 deletions


@ -148,17 +148,17 @@ func (ks *Keystore) CreateUser(_ *http.Request, args *CreateUserArgs, reply *Cre
return fmt.Errorf("user already exists: %s", args.Username)
}
if len(args.Password) < 50 {
if zxcvbn.PasswordStrength(args.Password, nil).Score < requiredPassScore {
return errWeakPassword
}
}
// As per issue https://github.com/ava-labs/gecko/issues/195 it was found the longer the length of password the slower zxcvbn.PasswordStrength() performs.
// To avoid performance issues and DOS vector we only check the first 50 characters of the password.
checkPass := args.Password
if len(args.Password) >= 50 {
if zxcvbn.PasswordStrength(args.Password[:50], nil).Score < requiredPassScore {
return errWeakPassword
}
}
if len(args.Password) > 50 {
checkPass = args.Password[:50]
}
if zxcvbn.PasswordStrength(checkPass, nil).Score < requiredPassScore {
return errWeakPassword
}
usr := &User{}
if err := usr.Initialize(args.Password); err != nil {
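Review bot: The 50-byte cap bounds only the `zxcvbn.PasswordStrength` call; the full `args.Password` is still handed to `usr.Initialize` on the last line of the hunk, so if that routine hashes or otherwise processes the password (its body is not visible here), its cost still grows with a caller-chosen length. Consider rejecting oversized input before any work is done, e.g. `if len(args.Password) > maxPassLen { return errPassTooLong }`, where `maxPassLen` and `errPassTooLong` are new names proposed here, not existing ones. Separately, `args.Password[:50]` cuts on bytes and can split a multi-byte UTF-8 character, and the literal 50 appears twice; a named constant with a comment stating it is a byte count would make that explicit. CreateUser starts before and continues after this hunk.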