In the gitea auth there are these checks, IsComplexEnough IsPwned etc.
|
if !form.IsEmailDomainAllowed() { |
|
ctx.RenderWithErr(ctx.Tr("auth.email_domain_blacklisted"), tplSignUp, &form) |
|
return |
|
} |
|
|
|
if form.Password != form.Retype { |
|
ctx.Data["Err_Password"] = true |
|
ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplSignUp, &form) |
|
return |
|
} |
|
if len(form.Password) < setting.MinPasswordLength { |
|
ctx.Data["Err_Password"] = true |
|
ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplSignUp, &form) |
|
return |
|
} |
|
if !password.IsComplexEnough(form.Password) { |
|
ctx.Data["Err_Password"] = true |
|
ctx.RenderWithErr(password.BuildComplexityError(ctx), tplSignUp, &form) |
|
return |
|
} |
|
pwned, err := password.IsPwned(ctx, form.Password) |
|
if pwned { |
|
errMsg := ctx.Tr("auth.password_pwned") |
|
if err != nil { |
|
log.Error(err.Error()) |
|
errMsg = ctx.Tr("auth.password_pwned_err") |
|
} |
|
ctx.Data["Err_Password"] = true |
|
ctx.RenderWithErr(errMsg, tplSignUp, &form) |
|
return |
|
} |
We don't do any of that in our auth endpoint. We should.
In the gitea auth there are these checks,
IsComplexEnoughIsPwnedetc.gitea/routers/web/user/auth.go
Lines 1174 to 1204 in 351aea3
We don't do any of that in our auth endpoint. We should.