Merge pull request #34500 from nextcloud/bugfix/noid/more-password-limitation

Fix password length limitation

2 files changed, 7 insertions, 0 deletions

diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index e8b6fd0e8d9..0f9ffcbadf4 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -389,6 +389,9 @@ class UsersController extends AUserData {
 		}
 
 		$generatePasswordResetToken = false;
+		if (strlen($password) > 469) {
+			throw new OCSException('Invalid password value', 101);
+		}
 		if ($password === '') {
 			if ($email === '') {
 				throw new OCSException('To send a password link to the user an email address is required.', 108);
@@ -882,6 +885,9 @@ class UsersController extends AUserData {
 				break;
 			case self::USER_FIELD_PASSWORD:
 				try {
+					if (strlen($value) > 469) {
+						throw new OCSException('Invalid password value', 102);
+					}
 					if (!$targetUser->canChangePassword()) {
 						throw new OCSException('Setting the password is not supported by the users backend', 103);
 					}
diff --git a/apps/settings/src/components/UserList.vue b/apps/settings/src/components/UserList.vue
index 8b2a84a9b9a..9d737206bf4 100644
--- a/apps/settings/src/components/UserList.vue
+++ b/apps/settings/src/components/UserList.vue
@@ -56,6 +56,7 @@
 					ref="newuserpassword"
 					v-model="newUser.password"
 					:minlength="minPasswordLength"
+					:maxlength="469"
 					:placeholder="t('settings', 'Password')"
 					:required="newUser.mailAddress===''"
 					autocapitalize="none"