~amolith/willow#32: 
Passwords including " don't work

Reported in the IRC room

When creating a user through the CLI, passwords including a " character can't properly validate when logging in through the web UI.

Status
REPORTED
Submitter
~amolith
Assigned to
No-one
Submitted
5 months ago
Updated
2 months ago
Labels
backend bug frontend v0.0.1

~phdavis1027 2 months ago

The bug arises because when willow.go hashes the password at the time of user creation, it does not sanitize. However, when users login their password is sanitized before being pulled out of the request, which escapes the quotation mark. A test case got this code out of ws.go:

LoginHandler (unsanitized): bob a"a LoginHandler (sanitized): bob a"a

Register here or Log in to comment, or comment via email.