From f1c5ac5b14e9654218777cfcf311ee253233f837 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Sun, 17 Nov 2024 14:42:23 +0100
Subject: [PATCH] Don't check empty passwords against HIBP

---
 core/admin/assets/assets/app.js     | 3 +++
 towncrier/newsfragments/3650.bugfix | 1 +
 2 files changed, 4 insertions(+)
 create mode 100644 towncrier/newsfragments/3650.bugfix

diff --git a/core/admin/assets/assets/app.js b/core/admin/assets/assets/app.js
index 33f63433..12baec4c 100644
--- a/core/admin/assets/assets/app.js
+++ b/core/admin/assets/assets/app.js
@@ -21,6 +21,9 @@ function sha1(string) {
 }
 
 function hibpCheck(pwd) {
+    if (pwd === null || pwd === undefined || pwd.length === 0) {
+	    return;
+    }
     // We hash the pwd first
     sha1(pwd).then(function(hash){
         // We send the first 5 chars of the hash to hibp's API
diff --git a/towncrier/newsfragments/3650.bugfix b/towncrier/newsfragments/3650.bugfix
new file mode 100644
index 00000000..97d9aa8f
--- /dev/null
+++ b/towncrier/newsfragments/3650.bugfix
@@ -0,0 +1 @@
+Don't check empty passwords against HIBP