diff options
| author | Joas Schilling <coding@schilljs.com> | 2022-10-10 13:33:58 +0300 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2022-10-10 13:33:58 +0300 |
| commit | ab055418c613cfc0781fa6addab81aa2ce181bde (patch) | |
| tree | 01fc3a175e2f8fa4874a31aab8da7755c956a043 | |
| parent | a02c8fe01dd954e9ec9771bf10470d1545b54bf0 (diff) | |
Fix password length limitation
Signed-off-by: Joas Schilling <coding@schilljs.com>
| -rw-r--r-- | apps/provisioning_api/lib/Controller/UsersController.php | 6 | ||||
| -rw-r--r-- | apps/settings/src/components/UserList.vue | 1 |
2 files changed, 7 insertions, 0 deletions
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php index e8b6fd0e8d9..0f9ffcbadf4 100644 --- a/apps/provisioning_api/lib/Controller/UsersController.php +++ b/apps/provisioning_api/lib/Controller/UsersController.php @@ -389,6 +389,9 @@ class UsersController extends AUserData { } $generatePasswordResetToken = false; + if (strlen($password) > 469) { + throw new OCSException('Invalid password value', 101); + } if ($password === '') { if ($email === '') { throw new OCSException('To send a password link to the user an email address is required.', 108); @@ -882,6 +885,9 @@ class UsersController extends AUserData { break; case self::USER_FIELD_PASSWORD: try { + if (strlen($value) > 469) { + throw new OCSException('Invalid password value', 102); + } if (!$targetUser->canChangePassword()) { throw new OCSException('Setting the password is not supported by the users backend', 103); } diff --git a/apps/settings/src/components/UserList.vue b/apps/settings/src/components/UserList.vue index 8b2a84a9b9a..9d737206bf4 100644 --- a/apps/settings/src/components/UserList.vue +++ b/apps/settings/src/components/UserList.vue @@ -56,6 +56,7 @@ ref="newuserpassword" v-model="newUser.password" :minlength="minPasswordLength" + :maxlength="469" :placeholder="t('settings', 'Password')" :required="newUser.mailAddress===''" autocapitalize="none" |