scottk/Mailu
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/Mailu.git synced 2025-10-31 01:57:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge #3653

Browse Source 
3653: Don't check empty passwords against HIBP (backport #3650) r=nextgens a=mergify[bot]

## What type of PR?

bug-fix

## What does this PR do?

Don't check empty passwords against HIBP; Apparently some password managers will trigger a race condition otherwise

### Related issue(s)
- closes #3633

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
<hr>This is an automatic backport of pull request #3650 done by [Mergify](https://mergify.com).

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
This commit is contained in:
bors-mailu[bot]
2024-11-17 20:20:11 +00:00
committed by GitHub
parent af5cbc92f2 1805ef4480
commit 32fb10cb07
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
core/admin/assets/assets/app.js
View File

@@ -21,6 +21,9 @@ function sha1(string) {
} }
function hibpCheck(pwd) { function hibpCheck(pwd) {
if (pwd === null || pwd === undefined || pwd.length === 0) {
return;
}
// We hash the pwd first // We hash the pwd first
sha1(pwd).then(function(hash){ sha1(pwd).then(function(hash){
// We send the first 5 chars of the hash to hibp's API // We send the first 5 chars of the hash to hibp's API

1
towncrier/newsfragments/3650.bugfix Normal file
View File

@@ -0,0 +1 @@
Don't check empty passwords against HIBP