HTTP password input field should not allow longer than 16 characters #61

glynhudson · 2019-06-12T15:20:07Z

Password is currently limited to 16 characters but it is possible for a user to enter a longer password which results in silent failure then user is unable to login since password in truncated.This could be fixed by a hard limit on the password input field.

https://community.openenergymonitor.org/t/reset-http-auth-password-on-esp8266/11159

CircuitSetup · 2019-07-25T17:01:55Z

Fixed this in config.js under the admin save event:

self.saveAdminFetching = ko.observable(false);
self.saveAdminSuccess = ko.observable(false);
self.saveAdmin = function () {
  var adminsave = {
  	user: self.config.www_username(),
  	pass: self.config.www_password()
  };
  
  if (adminsave.user.length > 16 || adminsave.pass.length > 16) {
  	alert("Please enter a username and password that is 16 characters or less");
  } else {
  self.saveAdminFetching(true);
  self.saveAdminSuccess(false);
  $.post(baseEndpoint + "/saveadmin", adminsave, function (data) {
    self.saveAdminSuccess(true);
  }).fail(function () {
    alert("Failed to save Admin config");
  }).always(function () {
    self.saveAdminFetching(false);
  });
 }
};

glynhudson added the bug label Jun 12, 2019

glynhudson changed the title ~~HTTP password input field should not allow longet than 16 characters~~ HTTP password input field should not allow longer than 16 characters Jun 12, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HTTP password input field should not allow longer than 16 characters #61

HTTP password input field should not allow longer than 16 characters #61

glynhudson commented Jun 12, 2019

CircuitSetup commented Jul 25, 2019

HTTP password input field should not allow longer than 16 characters #61

HTTP password input field should not allow longer than 16 characters #61

Comments

glynhudson commented Jun 12, 2019

CircuitSetup commented Jul 25, 2019