From 99cbda4727fc98ec7977d1816fd00abdac3d527c Mon Sep 17 00:00:00 2001 From: Georgy Litvinov Date: Wed, 22 Feb 2023 08:31:36 +0100 Subject: [PATCH] raised password length limit to 64 characters --- .../edu/cornell/mannlib/vitro/webapp/beans/UserAccount.java | 2 +- .../vitro/webapp/controller/authenticate/ProgramLoginTest.java | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/UserAccount.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/UserAccount.java index 7b5581885..8451e9e92 100644 --- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/UserAccount.java +++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/UserAccount.java @@ -15,7 +15,7 @@ import org.apache.commons.lang3.RandomStringUtils; */ public class UserAccount { public static final int MIN_PASSWORD_LENGTH = 6; - public static final int MAX_PASSWORD_LENGTH = 12; + public static final int MAX_PASSWORD_LENGTH = 64; public enum Status { ACTIVE, INACTIVE; diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.java index 01280f6b5..3ddb5d07b 100644 --- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.java +++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.java @@ -14,6 +14,7 @@ import java.util.Collections; import javax.servlet.ServletException; +import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.junit.After; @@ -156,7 +157,7 @@ public class ProgramLoginTest extends AbstractTestClass { @Test public void newPasswordTooLong() { - executeRequest(NEW_USER_NAME, NEW_USER_PASSWORD, "reallyLongPassword"); + executeRequest(NEW_USER_NAME, NEW_USER_PASSWORD, RandomStringUtils.randomAlphanumeric(UserAccount.MAX_PASSWORD_LENGTH + 1)); assert403(); }