enforce 8-100 password requirement in /reset too
parent
695d3a6bc4
commit
e488312dfe
|
@ -462,6 +462,13 @@ def post_reset(v):
|
|||
time=timestamp,
|
||||
error="Passwords didn't match."), 400
|
||||
|
||||
if not valid_password_regex.fullmatch(password):
|
||||
return render_template("login/reset_password.html",
|
||||
v=user,
|
||||
token=token,
|
||||
time=timestamp,
|
||||
error="Password must be between 8 and 100 characters."), 400
|
||||
|
||||
user.passhash = hash_password(password)
|
||||
g.db.add(user)
|
||||
|
||||
|
|
Loading…
Reference in New Issue