Skip to content

Cap password length at 72 characters (DoS hardening)#3624

Merged
bernardhanna merged 1 commit into
masterfrom
fix/password-max-length
Jul 13, 2026
Merged

Cap password length at 72 characters (DoS hardening)#3624
bernardhanna merged 1 commit into
masterfrom
fix/password-max-length

Conversation

@bernardhanna

Copy link
Copy Markdown
Collaborator

Summary

  • Enforce a 72-character maximum password length server-side on registration, login, and password reset
  • Add maxlength="72" on the shared password field component
  • Add tests confirming oversized passwords are rejected and valid 72-character passwords still pass validation

Test plan

  • php artisan test tests/Feature/Auth/PasswordLengthValidationTest.php
  • After deploy: register with a normal password on https://codeweek.eu/register
  • After deploy: confirm an oversized password returns a validation error
  • Run npm run build on Forge so the frontend maxlength is live

Made with Cursor

Enforces the limit on registration, login, and password reset, with frontend maxlength and tests to ensure normal passwords still work.

Co-authored-by: Cursor <cursoragent@cursor.com>
@bernardhanna bernardhanna merged commit f4a14ea into master Jul 13, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant