~amolith/willow#32: 
Passwords including " don't work

Reported in the IRC room

When creating a user through the CLI, passwords including a " character can't properly validate when logging in through the web UI.

Status
RESOLVED FIXED
Submitter
~amolith
Assigned to
No-one
Submitted
1 year, 2 months ago
Updated
7 months ago
Labels
backend bug frontend v0.0.1

~phdavis1027 10 months ago

The bug arises because when willow.go hashes the password at the time of user creation, it does not sanitize. However, when users login their password is sanitized before being pulled out of the request, which escapes the quotation mark. A test case got this code out of ws.go:

LoginHandler (unsanitized): bob a"a LoginHandler (sanitized): bob a"a

~amolith 7 months ago

Amolith referenced this ticket in commit d2e7cf2.

~amolith 7 months ago

Amolith referenced this ticket in commit a81a16d.

~amolith REPORTED FIXED 7 months ago

Register here or Log in to comment, or comment via email.