gractwo/mnemosyne
4
0
Fork 0
Code Pull Requests Actions Packages Activity

block empty passwords in the web handler

Browse Source
This commit is contained in:
jmanczak
2026-04-26 16:08:31 +02:00
parent fac1959193
commit 7d418c91e4
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/web/pages/usersettings.rs
View File

@@ -113,6 +113,14 @@ pub async fn change_password(
headers: HeaderMap, headers: HeaderMap,
Form(form): Form<PasswordForm>, Form(form): Form<PasswordForm>,
) -> Result<Response, CompositeError> { ) -> Result<Response, CompositeError> {
if form.password.trim().is_empty() {
return Ok((
axum::http::StatusCode::BAD_REQUEST,
"Password cannot be empty or consist only of whitespace.",
)
.into_response());
}
let mut tx = state.pool.begin().await?; let mut tx = state.pool.begin().await?;
let mut u = User::authenticate(&mut *tx, &headers).await?.required()?; let mut u = User::authenticate(&mut *tx, &headers).await?.required()?;