Ignoring a bunch of settings and checks when users sign up

In the gitea auth there are these checks, `IsComplexEnough` `IsPwned` etc.

https://github.com/kitspace/gitea/blob/351aea301fad4e9084962870764d5a407e008a8c/routers/web/user/auth.go#L1174-L1204

We don't do any of that in our auth endpoint. We should. 

	if !form.IsEmailDomainAllowed() {
	ctx.RenderWithErr(ctx.Tr("auth.email_domain_blacklisted"), tplSignUp, &form)
	return
	}

	if form.Password != form.Retype {
	ctx.Data["Err_Password"] = true
	ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplSignUp, &form)
	return
	}
	if len(form.Password) < setting.MinPasswordLength {
	ctx.Data["Err_Password"] = true
	ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplSignUp, &form)
	return
	}
	if !password.IsComplexEnough(form.Password) {
	ctx.Data["Err_Password"] = true
	ctx.RenderWithErr(password.BuildComplexityError(ctx), tplSignUp, &form)
	return
	}
	pwned, err := password.IsPwned(ctx, form.Password)
	if pwned {
	errMsg := ctx.Tr("auth.password_pwned")
	if err != nil {
	log.Error(err.Error())
	errMsg = ctx.Tr("auth.password_pwned_err")
	}
	ctx.Data["Err_Password"] = true
	ctx.RenderWithErr(errMsg, tplSignUp, &form)
	return
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Ignoring a bunch of settings and checks when users sign up #20

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Ignoring a bunch of settings and checks when users sign up #20

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions