From fe821095aa057cda63b1bae5422ba1eaf71cdf2c Mon Sep 17 00:00:00 2001
From: zefie <zefie@zefie.net>
Date: Thu, 10 Feb 2022 12:19:06 -0500
Subject: [PATCH] fix password check when adding user

---
 .../wtv-setup/validate-add-user-done.js            |  6 ++----
 .../ServiceVault/wtv-setup/validate-add-user.js    | 14 ++++++--------
 2 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/zefie_wtvp_minisrv/ServiceVault/wtv-setup/validate-add-user-done.js b/zefie_wtvp_minisrv/ServiceVault/wtv-setup/validate-add-user-done.js
index b1787f2f..c2634409 100644
--- a/zefie_wtvp_minisrv/ServiceVault/wtv-setup/validate-add-user-done.js
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-setup/validate-add-user-done.js
@@ -9,16 +9,14 @@ if (ssid_sessions[socket.ssid].user_id != 0) errpage = wtvshared.doErrorPage(400
 if (!errpage) {
     if (request_headers.query.user_password) {
         if (request_headers.query.user_password.length < minisrv_config.config.passwords.min_length) errpage = wtvshared.doErrorPage(400, "Your password must contain at least " + minisrv_config.config.passwords.min_length + " characters.");
-    }
-    else {
-        if (request_headers.query.user_password.length > minisrv_config.config.passwords.max_length) errpage = wtvshared.doErrorPage(400, "Your password must contain no more than than " + minisrv_config.config.passwords.max_length + " characters.");
+        else if (request_headers.query.user_password.length > minisrv_config.config.passwords.max_length) errpage = wtvshared.doErrorPage(400, "Your password must contain no more than than " + minisrv_config.config.passwords.max_length + " characters.");
         else if (request_headers.query.user_password !== request_headers.query.user_password2) errpage = wtvshared.doErrorPage(400, "The passwords you entered did not match. Please check them and try again.");
     }
+    else if (!request_headers.query.user_name) errpage = wtvshared.doErrorPage(400, "Please enter a username.");
 }
 
 if (!errpage) {
     if (ssid_sessions[socket.ssid].getNumberOfUserAccounts() > minisrv_config.config.user_accounts.max_users_per_account) errpage = wtvshared.doErrorPage(400, "You are not authorized to add more than " + minisrv_config.config.user_accounts.max_users_per_account + ` account${minisrv_config.config.user_accounts.max_users_per_account > 1 ? 's' : ''}.`);
-    else if (!request_headers.query.user_name) errpage = wtvshared.doErrorPage(400, "Please enter a username.");
 }
 
 if (errpage) {
diff --git a/zefie_wtvp_minisrv/ServiceVault/wtv-setup/validate-add-user.js b/zefie_wtvp_minisrv/ServiceVault/wtv-setup/validate-add-user.js
index f3226bf4..8bf885f0 100644
--- a/zefie_wtvp_minisrv/ServiceVault/wtv-setup/validate-add-user.js
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-setup/validate-add-user.js
@@ -6,17 +6,15 @@ if (ssid_sessions[socket.ssid].user_id != 0) errpage = wtvshared.doErrorPage(400
 // seperate if statements as to not overwrite the first error if multiple occur
 
 if (!errpage) {
-    if (request_headers.query.user_password) {
-        if (request_headers.query.user_password.length < minisrv_config.config.passwords.min_length) errpage = wtvshared.doErrorPage(400, "Your password must contain at least " + minisrv_config.config.passwords.min_length + " characters.");
-    }
-    else {
-        if (request_headers.query.user_password.length > minisrv_config.config.passwords.max_length) errpage = wtvshared.doErrorPage(400, "Your password must contain no more than than " + minisrv_config.config.passwords.max_length + " characters.");
-        else if (request_headers.query.user_password !== request_headers.query.user_password2) errpage = wtvshared.doErrorPage(400, "The passwords you entered did not match. Please check them and try again.");
-    }
+    if (ssid_sessions[socket.ssid].getNumberOfUserAccounts() > minisrv_config.config.user_accounts.max_users_per_account) errpage = wtvshared.doErrorPage(400, "You are not authorized to add more than " + minisrv_config.config.user_accounts.max_users_per_account + ` account${minisrv_config.config.user_accounts.max_users_per_account > 1 ? 's' : ''}.`);
 }
 
 if (!errpage) {
-    if (ssid_sessions[socket.ssid].getNumberOfUserAccounts() > minisrv_config.config.user_accounts.max_users_per_account) errpage = wtvshared.doErrorPage(400, "You are not authorized to add more than " + minisrv_config.config.user_accounts.max_users_per_account + ` account${minisrv_config.config.user_accounts.max_users_per_account > 1 ? 's' : ''}.`);
+    if (request_headers.query.user_password) {
+        if (request_headers.query.user_password.length < minisrv_config.config.passwords.min_length) errpage = wtvshared.doErrorPage(400, "Your password must contain at least " + minisrv_config.config.passwords.min_length + " characters.");
+        else if (request_headers.query.user_password.length > minisrv_config.config.passwords.max_length) errpage = wtvshared.doErrorPage(400, "Your password must contain no more than than " + minisrv_config.config.passwords.max_length + " characters.");
+        else if (request_headers.query.user_password !== request_headers.query.user_password2) errpage = wtvshared.doErrorPage(400, "The passwords you entered did not match. Please check them and try again.");
+    }
     else if (!request_headers.query.user_name) errpage = wtvshared.doErrorPage(400, "Please enter a username.");
 }