github/meteor
1
1
Fork 0
mirror of https://github.com/meteor/meteor.git synced 2026-05-02 03:01:46 -04:00
Code Issues Packages Projects Releases Wiki Activity

Consider empty passwords to be a user error

Browse Source 
Programming errors like "the code doesn't try to provide a password"
should throw, but user errors like "the code pulled a password from an
input but it was empty" should use the callback.

Fixes #2272.
This commit is contained in:
David Glasser
2014-07-18 16:35:39 -07:00
parent d2f94579c0
commit d075b6dfd3
2 changed files with 19 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/accounts-password/package.js
View File

@@ -10,7 +10,7 @@ Package.on_use(function(api) {
api.use('sha', ['client', 'server']);
api.use('email', ['server']);
api.use('random', ['server']);
api.use('check', ['server']);
api.use('check');
api.use('underscore');
api.use('livedata', ['client', 'server']);

23
packages/accounts-password/password_client.js
View File

@@ -89,8 +89,12 @@ var srpUpgradePath = function (options, callback) {
Accounts.createUser = function (options, callback) {
options = _.clone(options); // we'll be modifying options
if (!options.password)
if (typeof options.password !== 'string')
throw new Error("Must set options.password");
if (!options.password) {
callback(new Meteor.Error(400, "Password may not be empty"));
return;
}
// Replace password with the hashed password.
options.password = hashPassword(options.password);
@@ -117,6 +121,12 @@ Accounts.changePassword = function (oldPassword, newPassword, callback) {
return;
}
check(newPassword, String);
if (!newPassword) {
callback(new Meteor.Error(400, "Password may not be empty"));
return;
}
Accounts.connection.apply(
'changePassword',
[oldPassword ? hashPassword(oldPassword) : null, hashPassword(newPassword)],
@@ -171,10 +181,13 @@ Accounts.forgotPassword = function(options, callback) {
// @param newPassword {String}
// @param callback (optional) {Function(error|undefined)}
Accounts.resetPassword = function(token, newPassword, callback) {
if (!token)
throw new Error("Need to pass token");
if (!newPassword)
throw new Error("Need to pass newPassword");
check(token, String);
check(newPassword, String);
if (!newPassword) {
callback(new Meteor.Error(400, "Password may not be empty"));
return;
}
Accounts.callLoginMethod({
methodName: 'resetPassword',