Remove password length maximum.

bcrypt only pays attention to the first 72 characters anyway, so there's no harm done to us. The new effective limit is the maximum POST size: 500Kb :)
2026-04-05 03:00:15 -04:00 · 2011-10-21 08:56:55 -07:00
parent c66c995803
commit 2e364c1ac2
4 changed files with 7 additions and 12 deletions
--- a/r2/r2/controllers/validator/validator.py
+++ b/r2/r2/controllers/validator/validator.py
@@ -796,12 +796,10 @@ class VSubmitSR(Validator):
        return sr

 MIN_PASSWORD_LENGTH = 3
-MAX_PASSWORD_LENGTH = 256

 class VPassword(Validator):
    def run(self, password, verify):
-        if not (password and
-                MIN_PASSWORD_LENGTH < len(password) < MAX_PASSWORD_LENGTH):
+        if not (password and len(password) >= MIN_PASSWORD_LENGTH):
            self.set_error(errors.BAD_PASSWORD)
        elif verify != password:
            self.set_error(errors.BAD_PASSWORD_MATCH)
--- a/r2/r2/templates/login.html
+++ b/r2/r2/templates/login.html
@@ -24,7 +24,6 @@
   from r2.lib.template_helpers import add_sr
   from r2.lib.strings import strings
   from r2.lib.utils import UrlParser
-   from r2.controllers.validator import MAX_PASSWORD_LENGTH
   import random
 %>
 <%namespace file="captcha.html" import="captchagen"/>
@@ -88,7 +87,7 @@
        <li>
          <label for="passwd_${op}">${_('password')}:</label>
          <input id="passwd_${op}" name="passwd" type="password" 
-                 maxlength="${MAX_PASSWORD_LENGTH}" tabindex="${tabindex}"/>
+                 tabindex="${tabindex}"/>
          %if register:
            ${error_field("BAD_PASSWORD", "passwd", kind="span")}
          %else:
@@ -99,7 +98,7 @@
        <li>
          <label for="passwd2_${op}">${_('verify password')}:</label>
          <input name="passwd2" id="passwd2_${op}" 
-                 type="password" maxlength="${MAX_PASSWORD_LENGTH}" tabindex="${tabindex}"/>
+                 type="password" tabindex="${tabindex}"/>
          ${error_field("BAD_PASSWORD_MATCH", "passwd2", kind="span")}
        </li>
        <li>
--- a/r2/r2/templates/loginformwide.html
+++ b/r2/r2/templates/loginformwide.html
@@ -22,7 +22,6 @@
 <%!
   from r2.lib.template_helpers import add_sr
   from r2.lib.utils import UrlParser
-   from r2.controllers.validator import MAX_PASSWORD_LENGTH
   import random
 %>

@@ -42,7 +41,7 @@
  %endif
  <input type="hidden" name="op" value="${op}" />
  <input name="user" placeholder="username" type="text" maxlength="20" tabindex="1"/>
-  <input name="passwd" placeholder="password" type="password" maxlength="${MAX_PASSWORD_LENGTH}" tabindex="1"/>
+  <input name="passwd" placeholder="password" type="password" tabindex="1"/>

  <div class="status"></div>

--- a/r2/r2/templates/prefupdate.html
+++ b/r2/r2/templates/prefupdate.html
@@ -22,7 +22,6 @@

 <%namespace file="utils.html" import="error_field"/>
 <%namespace name="utils" file="utils.html"/>
-<% from r2.controllers.validator import MAX_PASSWORD_LENGTH %>

 <h1>
 %if thing.email and thing.password:
@@ -64,7 +63,7 @@

 <div class="spacer">
  <%utils:round_field title="${_('current password')}" description="${_('(required)')}">
-    <input type="password" name="curpass" maxlength="${MAX_PASSWORD_LENGTH}"/>
+    <input type="password" name="curpass" />
    ${error_field("WRONG_PASSWORD", "curpass")}
  </%utils:round_field>
 </div>  
@@ -79,14 +78,14 @@
 %if thing.password:
 <div class="spacer">
  <%utils:round_field title="${_('new password')}">
-    <input type="password" name="newpass" maxlength="${MAX_PASSWORD_LENGTH}"/>
+    <input type="password" name="newpass" />
    ${error_field("BAD_PASSWORD", "newpass")}
  </%utils:round_field>
 </div>  

 <div class="spacer">
  <%utils:round_field title="${_('verify password')}">
-    <input type="password" name="verpass" maxlength="${MAX_PASSWORD_LENGTH}"/>
+    <input type="password" name="verpass" />
    ${error_field("BAD_PASSWORD_MATCH", "verpass")}
  </%utils:round_field>
 </div>