Increase maximum password length and enforce it.

r2/r2/controllers/validator/validator.py

@@ -795,14 +795,13 @@ class VSubmitSR(Validator):
 
         return sr
 
-pass_rx = re.compile(r"\A.{3,20}\Z")
-
-def chkpass(x):
-    return x if x and pass_rx.match(x) else None
+MIN_PASSWORD_LENGTH = 3
+MAX_PASSWORD_LENGTH = 256
 
 class VPassword(Validator):
     def run(self, password, verify):
-        if not chkpass(password):
+        if not (password and
+                MIN_PASSWORD_LENGTH < len(password) < MAX_PASSWORD_LENGTH):
             self.set_error(errors.BAD_PASSWORD)
         elif verify != password:
             self.set_error(errors.BAD_PASSWORD_MATCH)

r2/r2/templates/login.html

@@ -24,6 +24,7 @@
    from r2.lib.template_helpers import add_sr
    from r2.lib.strings import strings
    from r2.lib.utils import UrlParser
+   from r2.controllers.validator import MAX_PASSWORD_LENGTH
    import random
  %>
 <%namespace file="captcha.html" import="captchagen"/>
@@ -87,7 +88,7 @@
         <li>
           <label for="passwd_${op}">${_('password')}:</label>
           <input id="passwd_${op}" name="passwd" type="password" 
-                 maxlength="20" tabindex="${tabindex}"/>
+                 maxlength="${MAX_PASSWORD_LENGTH}" tabindex="${tabindex}"/>
           %if register:
             ${error_field("BAD_PASSWORD", "passwd", kind="span")}
           %else:
@@ -98,7 +99,7 @@
         <li>
           <label for="passwd2_${op}">${_('verify password')}:</label>
           <input name="passwd2" id="passwd2_${op}" 
-                 type="password" maxlength="20" tabindex="${tabindex}"/>
+                 type="password" maxlength="${MAX_PASSWORD_LENGTH}" tabindex="${tabindex}"/>
           ${error_field("BAD_PASSWORD_MATCH", "passwd2", kind="span")}
         </li>
         <li>

r2/r2/templates/loginformwide.html

@@ -22,6 +22,7 @@
 <%!
    from r2.lib.template_helpers import add_sr
    from r2.lib.utils import UrlParser
+   from r2.controllers.validator import MAX_PASSWORD_LENGTH
    import random
 %>
 
@@ -41,7 +42,7 @@
   %endif
   <input type="hidden" name="op" value="${op}" />
   <input name="user" placeholder="username" type="text" maxlength="20" tabindex="1"/>
-  <input name="passwd" placeholder="password" type="password" maxlength="20" tabindex="1"/>
+  <input name="passwd" placeholder="password" type="password" maxlength="${MAX_PASSWORD_LENGTH}" tabindex="1"/>
 
   <div class="status"></div>
 

r2/r2/templates/prefupdate.html

@@ -22,6 +22,7 @@
 
 <%namespace file="utils.html" import="error_field"/>
 <%namespace name="utils" file="utils.html"/>
+<% from r2.controllers.validator import MAX_PASSWORD_LENGTH %>
 
 <h1>
 %if thing.email and thing.password:
@@ -63,7 +64,7 @@
 
 <div class="spacer">
   <%utils:round_field title="${_('current password')}" description="${_('(required)')}">
-    <input type="password" name="curpass" />
+    <input type="password" name="curpass" maxlength="${MAX_PASSWORD_LENGTH}"/>
     ${error_field("WRONG_PASSWORD", "curpass")}
   </%utils:round_field>
 </div>  
@@ -78,14 +79,14 @@
 %if thing.password:
 <div class="spacer">
   <%utils:round_field title="${_('new password')}">
-    <input type="password" name="newpass"/>
+    <input type="password" name="newpass" maxlength="${MAX_PASSWORD_LENGTH}"/>
     ${error_field("BAD_PASSWORD", "newpass")}
   </%utils:round_field>
 </div>  
 
 <div class="spacer">
   <%utils:round_field title="${_('verify password')}">
-    <input type="password" name="verpass"/>
+    <input type="password" name="verpass" maxlength="${MAX_PASSWORD_LENGTH}"/>
     ${error_field("BAD_PASSWORD_MATCH", "verpass")}
   </%utils:round_field>
 </div>