From 87882cc2c1e23e651d55fee8b347529d043b13b6 Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Sat, 19 Sep 2020 00:37:23 +0200
Subject: [PATCH] do not accept passwords with > 256 characters
---
 uffd/user/models.py | 2 +-
 uffd/user/templates/user.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/uffd/user/models.py b/uffd/user/models.py
index a2b8412a..5158b323 100644
--- a/uffd/user/models.py
+++ b/uffd/user/models.py
@@ -119,7 +119,7 @@ class User():
 return True
 def set_password(self, value):
- if len(value) < 8:
+ if len(value) < 8 or len(value) > 256:
 return False
 self.newpassword = value
 return True
diff --git a/uffd/user/templates/user.html b/uffd/user/templates/user.html
index c735e850..68dcb7ea 100644
--- a/uffd/user/templates/user.html
+++ b/uffd/user/templates/user.html
@@ -62,7 +62,7 @@
 <input type="password" class="form-control" id="user-password" name="password" placeholder="mail to set it will be sent" readonly>
 {% endif %}
 <small class="form-text text-muted">
- At least 8 characters, no other special requirements. But please don't be stupid and use a password manager.
+ At least 8 and at most 256 characters, no other special requirements. But please don't be stupid and use a password manager.
 </small>
 </div>
 </div>
-- 
GitLab
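Review bot: The new upper bound in `set_password` is measured with `len(value)`, which counts characters, so a 256-character password can still be up to 1024 bytes once UTF-8 encoded; if the cap is meant to bound hashing work or to fit a backend field limit, `len(value.encode('utf-8')) > 256` would be the stricter test, and it is worth confirming which one is intended. The limit also applies only when a password is set; whether the login path rejects oversized input is not visible in this hunk, and the rest of class `User` lies outside it. Both rejections return the same `False`, so the caller cannot tell the user which limit was hit. A docstring such as `"""Stage a new password; return False if it is shorter than 8 or longer than 256 characters."""` would record the contract, and the two limits would read better as named constants, since the same numbers are repeated in the help text in `user.html`.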