Move password generation into separate file and ensure we generate strong passwords

2016-01-20 15:33:11 +01:00
parent bfa917e057
commit 02ba91f1bb
3 changed files with 49 additions and 13 deletions
--- a/src/routes/user.js
+++ b/src/routes/user.js
@@ -17,7 +17,7 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    generatePassword = require('password-generator'),
+    generatePassword = require('../password.js').generate,
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
    user = require('../user.js'),
@@ -49,7 +49,7 @@ function createUser(req, res, next) {
    if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));

    var username = req.body.username;
-    var password = generatePassword(8, true /* memorable */);
+    var password = generatePassword();
    var email = req.body.email;
    var sendInvite = req.body.invite;
    var displayName = req.body.displayName || '';