diff --git a/package-lock.json b/package-lock.json index 22b45db48..ea2458acf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "uptime-kuma", - "version": "1.8.0", + "version": "1.9.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "uptime-kuma", - "version": "1.8.0", + "version": "1.9.1", "license": "MIT", "dependencies": { "@fortawesome/fontawesome-svg-core": "~1.2.36", @@ -23,6 +23,7 @@ "chardet": "^1.3.0", "chart.js": "~3.5.1", "chartjs-adapter-dayjs": "~1.0.0", + "check-password-strength": "^2.0.3", "command-exists": "~1.2.9", "compare-versions": "~3.6.0", "dayjs": "~1.10.7", @@ -3905,6 +3906,11 @@ "dayjs": "^1.8.15" } }, + "node_modules/check-password-strength": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/check-password-strength/-/check-password-strength-2.0.3.tgz", + "integrity": "sha512-UW3YgMUne9QuejgnNWjWwYi4QhWArVj+1OXqDR1NkEQcmMKKO74O3P5ZvXr9JZNbTBfcwlK3yurYCMuJsck83A==" + }, "node_modules/chokidar": { "version": "3.5.2", "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.2.tgz", @@ -15474,6 +15480,11 @@ "integrity": "sha512-EnbVqTJGFKLpg1TROLdCEufrzbmIa2oeLGx8O2Wdjw2EoMudoOo9+YFu+6CM0Z0hQ/v3yq/e/Y6efQMu22n8Jg==", "requires": {} }, + "check-password-strength": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/check-password-strength/-/check-password-strength-2.0.3.tgz", + "integrity": "sha512-UW3YgMUne9QuejgnNWjWwYi4QhWArVj+1OXqDR1NkEQcmMKKO74O3P5ZvXr9JZNbTBfcwlK3yurYCMuJsck83A==" + }, "chokidar": { "version": "3.5.2", "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.2.tgz", diff --git a/package.json b/package.json index 174ab6aa6..6f4bef34f 100644 --- a/package.json +++ b/package.json @@ -62,10 +62,11 @@ "axios": "~0.21.4", "bcryptjs": "~2.4.3", "bootstrap": "~5.1.1", - "chardet": "^1.3.0", "bree": "~6.3.1", + "chardet": "^1.3.0", "chart.js": "~3.5.1", "chartjs-adapter-dayjs": "~1.0.0", + "check-password-strength": "^2.0.3", "command-exists": "~1.2.9", "compare-versions": "~3.6.0", "dayjs": "~1.10.7", diff --git a/server/server.js b/server/server.js index 1846fe6e9..11f03061a 100644 --- a/server/server.js +++ b/server/server.js @@ -31,6 +31,7 @@ debug("Importing prometheus-api-metrics"); const prometheusAPIMetrics = require("prometheus-api-metrics"); debug("Importing compare-versions"); const compareVersions = require("compare-versions"); +const { passwordStrength } = require("check-password-strength"); debug("Importing 2FA Modules"); const notp = require("notp"); @@ -468,6 +469,10 @@ exports.entryPage = "dashboard"; socket.on("setup", async (username, password, callback) => { try { + if (passwordStrength(password).value === "Too weak") { + throw new Error("Password is too weak. It should contain alphabetic and numeric characters. It must be at least 6 characters in length."); + } + if ((await R.count("user")) !== 0) { throw new Error("Uptime Kuma has been initialized. If you want to run setup again, please delete the database."); } @@ -857,10 +862,14 @@ exports.entryPage = "dashboard"; try { checkLogin(socket); - if (! password.currentPassword) { + if (! password.newPassword) { throw new Error("Invalid new password"); } + if (passwordStrength(password.newPassword).value === "Too weak") { + throw new Error("Password is too weak. It should contain alphabetic and numeric characters. It must be at least 6 characters in length."); + } + let user = await R.findOne("user", " id = ? AND active = 1 ", [ socket.userID, ]);