Fixed registration bug allowing invalid passwords

brandonw504 · brandonw504 · commit 834d079ac321 · 2025-01-18T17:38:19.000-08:00
diff --git a/app/(api)/api/auth/login/route.ts b/app/(api)/api/auth/login/route.ts
@@ -4,6 +4,10 @@ import { NextRequest, NextResponse } from 'next/server';
 
 import Login from '@datalib/auth/login';
 
+/*
+I created a custom API route to log in because the default route provided by Auth.js
+requires you to first get your CSRF token before logging in, this takes care of it
+*/
 export async function POST(request: NextRequest) {
   const body = await request.json();
   const res = await Login(body.email, body.password);
diff --git a/app/(pages)/(hackers)/login/_components/LoginForm.tsx b/app/(pages)/(hackers)/login/_components/LoginForm.tsx
@@ -34,7 +34,7 @@ export default function LoginForm() {
 
   const validateForm = (email: string, password: string) => {
     const isEmailValid = /\S+@\S+\.\S+/.test(email);
-    const isPasswordValid = password.length >= 6;
+    const isPasswordValid = password.length >= 6 && password.length <= 20;
     setValid(isEmailValid && isPasswordValid);
   };
 
diff --git a/app/(pages)/(hackers)/register/_components/RegisterForm.tsx b/app/(pages)/(hackers)/register/_components/RegisterForm.tsx
@@ -58,29 +58,29 @@ export default function RegisterForm() {
     setPasswordError(!isEmailValid);
 
     const isPasswordValid =
-      password.length >= 6 || password.length <= 20 || password.length === 0;
+      (password.length >= 6 && password.length <= 20) || password.length === 0;
     if (!isPasswordValid) {
       setError('Password is too short.');
     }
     setPasswordError(!isPasswordValid);
 
-    const passwordMatch =
-      password === passwordDupe || passwordDupe.length === 0;
+    const passwordMatch = password === passwordDupe;
     if (!passwordMatch) {
       setError("Passwords don't match.");
     }
     setPasswordDupeError(!passwordMatch);
 
-    setValid(isEmailValid && isPasswordValid && passwordMatch);
     if (
       email.length === 0 ||
       password.length === 0 ||
       passwordDupe.length === 0
     ) {
       setValid(false);
     }
+
     if (isEmailValid && isPasswordValid && passwordMatch) {
       setError('');
+      setValid(true);
     }
   };
 
diff --git a/app/(pages)/judges/register/_components/RegisterForm.tsx b/app/(pages)/judges/register/_components/RegisterForm.tsx
@@ -58,20 +58,18 @@ export default function RegisterForm() {
     setPasswordError(!isEmailValid);
 
     const isPasswordValid =
-      password.length >= 6 || password.length <= 20 || password.length === 0;
+      (password.length >= 6 && password.length <= 20) || password.length === 0;
     if (!isPasswordValid) {
       setError('Password is too short.');
     }
     setPasswordError(!isPasswordValid);
 
-    const passwordMatch =
-      password === passwordDupe || passwordDupe.length === 0;
+    const passwordMatch = password === passwordDupe;
     if (!passwordMatch) {
       setError("Passwords don't match.");
     }
     setPasswordDupeError(!passwordMatch);
 
-    setValid(isEmailValid && isPasswordValid && passwordMatch);
     if (
       email.length === 0 ||
       password.length === 0 ||
@@ -81,6 +79,7 @@ export default function RegisterForm() {
     }
     if (isEmailValid && isPasswordValid && passwordMatch) {
       setError('');
+      setValid(true);
     }
   };
 
