Fix bug

2017-02-22 19:39:34 +09:00
parent 48812ad2e0
commit abfb36bcdb
4 changed files with 32 additions and 4 deletions
--- a/src/api/private/signin.ts
+++ b/src/api/private/signin.ts
@ -12,6 +12,16 @@ export default async (req: express.Request, res: express.Response) => {
 	const username = req.body['username'];
 	const password = req.body['password'];

+	if (typeof username != 'string') {
+		res.sendStatus(400);
+		return;
+	}
+
+	if (typeof password != 'string') {
+		res.sendStatus(400);
+		return;
+	}
+
 	// Fetch user
 	const user = await User.findOne({
 		username_lower: username.toLowerCase()
--- a/src/api/private/signup.ts
+++ b/src/api/private/signup.ts
@ -3,7 +3,7 @@ import * as bcrypt from 'bcryptjs';
 import rndstr from 'rndstr';
 import recaptcha = require('recaptcha-promise');
 import User from '../models/user';
-import { validateUsername } from '../models/user';
+import { validateUsername, validatePassword } from '../models/user';
 import serialize from '../serializers/user';
 import config from '../../conf';

@ -34,7 +34,7 @@ export default async (req: express.Request, res: express.Response) => {
 	}

 	// Validate password
-	if (password == '') {
+	if (!validatePassword(password)) {
 		res.sendStatus(400);
 		return;
 	}