Merge pull request #339 from metabase/dont_log_bad_passwords

don't log passwords of insufficient strength

Merge pull request #339 from metabase/dont_log_bad_passwords
e58dd659 · Cam Saül · 98e6cf48 · a0f8f2b5 · e58dd659 · e58dd659
Commit e58dd659 authored 10 years ago by Cam Saül
--- a/src/metabase/api/common.clj
+++ b/src/metabase/api/common.clj
@@ -375,7 +375,9 @@
 (defannotation ComplexPassword
  "Param must be a complex password (*what does this mean?*)"
  [symb value]
-  (checkp-with password/is-complex? symb value "Insufficient password strength"))
+  (check (password/is-complex? value)
+    [400 (format "Invalid value for '%s': Insufficient password strength" symb)])
+  value)

 (defannotation FilterOptionAllOrMine
  "Param must be either `all` or `mine`."

--- a/test/metabase/api/setup_test.clj
+++ b/test/metabase/api/setup_test.clj
@@ -56,7 +56,7 @@
                                       :email "anything"
                                       :password "anything"}))

-(expect "Invalid value 'anything' for 'password': Insufficient password strength"
+(expect "Invalid value for 'password': Insufficient password strength"
  (http/client :post 400 "setup/user" {:token "anything"
                                       :first_name "anything"
                                       :last_name "anything"