Skip to content

Also limit the password length on reset #35965

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 4, 2023
Merged

Also limit the password length on reset #35965

merged 1 commit into from
Jan 4, 2023

Conversation

@nickvergessen
Copy link
Member

Ref #33110

Checklist

@nickvergessen
Also limit the password length on reset
9cfaf27 
Signed-off-by: Joas Schilling <coding@schilljs.com>
@nickvergessen nickvergessen added this to the Nextcloud 26 milestone Jan 3, 2023
@nickvergessen nickvergessen requested a review from a team January 3, 2023 15:42
@nickvergessen nickvergessen self-assigned this Jan 3, 2023
@nickvergessen nickvergessen requested review from ArtificialOwl, PVince81, blizzz, come-nc and icewind1991 and removed request for a team January 3, 2023 15:42
@nickvergessen
Copy link
Member Author

/backport to stable25

come-nc
come-nc approved these changes Jan 3, 2023
View reviewed changes
core/Controller/LostController.php
$this->eventDispatcher->dispatchTyped(new BeforePasswordResetEvent($user, $password));
\OC_Hook::emit('\OC\Core\LostPassword\Controller\LostController', 'pre_passwordReset', ['uid' => $userId, 'password' => $password]);

if (strlen($password) > 469) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Magic number? We have no constant/config for this?

Copy link
Member Author

@nickvergessen nickvergessen Jan 3, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Magic number for now due to upcoming release and necessary backport.
But yeah it yields for a const.

Scheduled myself a todo for next week

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.
Is the issue fixed or can I collabrate to fix this issue?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR at #35981

PVince81
PVince81 approved these changes Jan 3, 2023
View reviewed changes
Copy link
Member

@PVince81 PVince81 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@PVince81 PVince81 added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Jan 3, 2023
Aditya-Karbhari
Aditya-Karbhari reviewed Jan 3, 2023
View reviewed changes
Copy link

@Aditya-Karbhari Aditya-Karbhari left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New change in code is fine to me.👍

@nickvergessen nickvergessen merged commit ce50acd into master Jan 4, 2023
@nickvergessen nickvergessen deleted the bugfix/noid/limit-length-when-reseting-password branch January 4, 2023 08:51
@backportbot-nextcloud backportbot-nextcloud bot mentioned this pull request Jan 4, 2023
Merged
@nickvergessen nickvergessen mentioned this pull request Jan 4, 2023
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PVince81 PVince81 PVince81 approved these changes

@come-nc come-nc come-nc approved these changes

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl is a code owner automatically assigned from nextcloud/server-backend

@icewind1991 icewind1991 Awaiting requested review from icewind1991 icewind1991 is a code owner automatically assigned from nextcloud/server-backend

@blizzz blizzz Awaiting requested review from blizzz blizzz is a code owner automatically assigned from nextcloud/server-backend

+1 more reviewer

@Aditya-Karbhari Aditya-Karbhari Aditya-Karbhari left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@nickvergessen nickvergessen

Labels

4. to release Ready to be released and/or waiting for tests to finish bug feature: users and groups

Projects

None yet

Milestone

Nextcloud 26

Development

Successfully merging this pull request may close these issues.

5 participants

@nickvergessen @PVince81 @come-nc @Aditya-Karbhari