authorOmar Roth <omarroth@hotmail.com>2018-11-04 08:30:16 -0600
committerOmar Roth <omarroth@hotmail.com>2018-11-04 08:30:16 -0600
commitc912e63fb5ba686125f13af4a83be695fcdf72e6 (patch)
tree4995308a7cdc3e8bf235d851db515c325a242638 /src
parent7e558c5b1d78d748faa9e736369314272cd3f107 (diff)
downloadinvidious-c912e63fb5ba686125f13af4a83be695fcdf72e6.tar.gz
invidious-c912e63fb5ba686125f13af4a83be695fcdf72e6.tar.bz2
invidious-c912e63fb5ba686125f13af4a83be695fcdf72e6.zip
Only check invalid size passwords on register
Diffstat (limited to 'src')
-rw-r--r--src/invidious.cr22
1 files changed, 11 insertions, 11 deletions
diff --git a/src/invidious.cr b/src/invidious.cr
index 2c26e24b..34c9384f 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -803,17 +803,6 @@ post "/login" do |env|
next templated "error"
end
- if password.empty?
- error_message = "Password cannot be empty"
- next templated "error"
- end
-
- # See https://security.stackexchange.com/a/39851
- if password.size > 55
- error_message = "Password cannot be longer than 55 characters"
- next templated "error"
- end
-
if !challenge_response || !token
error_message = "CAPTCHA is a required field"
next templated "error"
@@ -856,6 +845,17 @@ post "/login" do |env|
next templated "error"
end
elsif action == "register"
+ if password.empty?
+ error_message = "Password cannot be empty"
+ next templated "error"
+ end
+
+ # See https://security.stackexchange.com/a/39851
+ if password.size > 55
+ error_message = "Password cannot be longer than 55 characters"
+ next templated "error"
+ end
+
user = PG_DB.query_one?("SELECT * FROM users WHERE LOWER(email) = LOWER($1) AND password IS NOT NULL", email, as: User)
if user
error_message = "Please sign in"
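Review bot: The length guard added under `elsif action == "register"` compares `password.size`, which in Crystal counts characters, while the bcrypt input limit the linked answer discusses is measured in bytes; a password of 55 multi-byte UTF-8 characters passes the check yet exceeds that limit. Comparing bytes instead, `if password.bytesize > 55`, keeps the guard aligned with what the hash function actually consumes (the error message could then say "55 bytes"). With the checks removed from the shared path, the login branch now receives empty and over-long passwords unchecked; that branch is not visible in this hunk, so it is worth confirming that its hash comparison handles such input without raising an unhandled error. The `post "/login"` block starts and ends outside the hunk.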