Closed carcinocron closed 2 years ago
That's interesting. You can only do a max of 72 since that's a limit of Bcrypt. Your operation should have caught that. Can you see if your fresh Lucky app has this line?
If it doesn't, then we need to see why not since this should be on all Lucky 0.29 apps.
I modified the file to this:
```crystal
module PasswordValidations
  macro included
    before_save run_password_validations
  end

  private def run_password_validations
    pp ({:line => __LINE__, :password => password})
    validate_required password, password_confirmation
    validate_confirmation_of password, with: password_confirmation
    # 72 is a limitation of BCrypt
    pp ({:line => __LINE__, :password => password})
    validate_size_of password, min: 6, max: 72
  end
end
```
and I did not see any output.
So those validations aren't getting called? :raised_eyebrow: ... Well, that's definitely a bug, but I wonder why? :thinking:
This is fixed by https://github.com/luckyframework/lucky_cli/pull/773. Basically, we don't short-circuit the operations once a validation fails; it'll still go through the entire callback stack. So in this case it was doing a copy and encrypt with a bad password... As for why that macro wasn't being called... I have no clue, but I'm unable to reproduce that in any current or upcoming Lucky release :man_shrugging: But at least the original error was caught and will be fixed in the next release.
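The failure described in this thread, modelled as an added example (not code from Lucky or from any commenter): a save pipeline that still runs its hashing callback after validation has failed, next to one that stops at the failed validation. `SignUp`, `save` and the `short_circuit` flag are hypothetical names, the hasher is a stand-in that rejects input over 72 bytes, and the length check counts bytes rather than characters, which goes slightly beyond what the thread covers.

```crystal
# Added example: a stand-alone model of a save pipeline, not Lucky's API.
BCRYPT_MAX_BYTES = 72 # bcrypt uses at most 72 bytes of the password

class SignUp # hypothetical operation
  getter errors = [] of String
  getter encrypted_password : String?

  def initialize(@password : String, @short_circuit : Bool)
  end

  # Validation step: records errors instead of raising.
  private def validate_password
    errors << "password is too short" if @password.size < 6
    errors << "password is too long" if @password.bytesize > BCRYPT_MAX_BYTES
  end

  # Stand-in for the hashing callback. It raises on oversize input, which
  # is the behaviour the report observed as "password size invalid".
  private def encrypt_password
    if @password.bytesize > BCRYPT_MAX_BYTES
      raise ArgumentError.new("password size invalid")
    end
    @encrypted_password = "hashed(#{@password.bytesize} bytes)"
  end

  # :saved   -> record stored
  # :invalid -> validation errors to show the user (HTTP 422)
  # :crashed -> exception escaped a callback (HTTP 500)
  def save : Symbol
    validate_password
    # With short-circuiting, a failed validation stops the callback stack
    # before the hashing callback can see the bad password.
    return :invalid if @short_circuit && !errors.empty?
    encrypt_password
    errors.empty? ? :saved : :invalid
  rescue ArgumentError
    :crashed
  end
end

# Constructed inputs: the three lengths from the report, plus a
# 40-character password whose UTF-8 encoding is 80 bytes.
samples = {"a" * 64, "a" * 86, "a" * 128, "é" * 40}
samples.each do |pw|
  [false, true].each do |short_circuit|
    result = SignUp.new(pw, short_circuit).save
    puts "chars=#{pw.size} bytes=#{pw.bytesize} short_circuit=#{short_circuit} -> #{result}"
  end
end
```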
Describe the bug
Attempting to register an account throws ISE "password size invalid".
To Reproduce
Use a password of length 128 on a freshly generated lucky full. A password of length 64 worked. 86 did not.
Expected behavior
Other systems probably silently truncate or throw a 422 validation error.