From 7198fd46d01e19a02e2aa6fb7e6cca48ff542a25 Mon Sep 17 00:00:00 2001 From: Michael Alvarino Date: Tue, 10 Dec 2024 22:00:16 -0500 Subject: [PATCH 1/2] Update password max length On my machine, the command provided to generate a password (using python3 specifically), results in a 44 character string, while the maximum allowable character length in the model is 40, causing a conflict. This PR updates the max_legnth for all password model definitions. ``` MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c 44 MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c 44 MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c 44 ``` --- backend/app/models.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/backend/app/models.py b/backend/app/models.py index 90ef5559e3e..ae7e64d5cb7 100644 --- a/backend/app/models.py +++ b/backend/app/models.py @@ -14,19 +14,19 @@ class UserBase(SQLModel): # Properties to receive via API on creation class UserCreate(UserBase): - password: str = Field(min_length=8, max_length=40) + password: str = Field(min_length=8, max_length=45) class UserRegister(SQLModel): email: EmailStr = Field(max_length=255) - password: str = Field(min_length=8, max_length=40) + password: str = Field(min_length=8, max_length=45) full_name: str | None = Field(default=None, max_length=255) # Properties to receive via API on update, all are optional class UserUpdate(UserBase): email: EmailStr | None = Field(default=None, max_length=255) # type: ignore - password: str | None = Field(default=None, min_length=8, max_length=40) + password: str | None = Field(default=None, min_length=8, max_length=45) class UserUpdateMe(SQLModel): 
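Review bot: The new `max_length=45` is written out as a literal in all three `Field()` calls of this hunk (and three more in the later hunks), which is exactly how the 40-vs-44 mismatch this patch fixes came about; define the bound once at module level and reference it, e.g. `PASSWORD_MAX_LENGTH = 45` above `UserCreate` and `password: str = Field(min_length=8, max_length=PASSWORD_MAX_LENGTH)` in each model. Note that `secrets.token_urlsafe(32)` yields 43 characters; the 44 reported by `wc -c` in the description includes the newline `print` adds, so a one-line comment on the constant stating where the value comes from would keep the next change from guessing again. `UserUpdateMe`'s body continues past the end of the hunk.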
@@ -35,8 +35,8 @@ class UserUpdateMe(SQLModel): class UpdatePassword(SQLModel): - current_password: str = Field(min_length=8, max_length=40) - new_password: str = Field(min_length=8, max_length=40) + current_password: str = Field(min_length=8, max_length=45) + new_password: str = Field(min_length=8, max_length=45) # Database model, database table inferred from class name @@ -111,4 +111,4 @@ class TokenPayload(SQLModel): class NewPassword(SQLModel): token: str - new_password: str = Field(min_length=8, max_length=40) + new_password: str = Field(min_length=8, max_length=45) From 3ba2c4434cbbb7457dc2fd6bf3260dea18a5ea5f Mon Sep 17 00:00:00 2001 From: Michael Alvarino Date: Mon, 21 Apr 2025 10:33:11 -0400 Subject: [PATCH 2/2] Increase Password Length Limit Further increase password length limit to address concerns around password entropy and make it multiple of 2. --- backend/app/models.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/backend/app/models.py b/backend/app/models.py index 29aae4ed902..2d060ba0b41 100644 --- a/backend/app/models.py +++ b/backend/app/models.py @@ -14,19 +14,19 @@ class UserBase(SQLModel): # Properties to receive via API on creation class UserCreate(UserBase): - password: str = Field(min_length=8, max_length=45) + password: str = Field(min_length=8, max_length=128) class UserRegister(SQLModel): email: EmailStr = Field(max_length=255) - password: str = Field(min_length=8, max_length=45) + password: str = Field(min_length=8, max_length=128) full_name: str | None = Field(default=None, max_length=255) # Properties to receive via API on update, all are optional class UserUpdate(UserBase): email: EmailStr | None = Field(default=None, max_length=255) # type: ignore - password: str | None = Field(default=None, min_length=8, max_length=45) + password: str | None = Field(default=None, min_length=8, max_length=128) class UserUpdateMe(SQLModel): 
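Review bot: `max_length=128` on the three `password` fields in this hunk is counted in characters by Pydantic, but if the hashing backend is bcrypt (not visible in this diff), only the first 72 bytes of the password are consumed — a 128-character password, or a much shorter one made of multibyte characters, would either be silently truncated or, depending on the bcrypt version, rejected with a `ValueError` that surfaces as a 500 rather than a 422. Either cap the field to what the hasher actually uses, add a validator that rejects passwords whose UTF-8 encoding exceeds the hasher's byte limit, or pre-hash before bcrypt, and record the chosen rule next to the limit, e.g. `# Bound in characters; must not exceed what the password hasher consumes (bcrypt: 72 bytes)`. 128 characters meets the NIST SP 800-63B guidance to accept at least 64, so the value itself is fine once that interaction is settled. `UserUpdateMe`'s body continues past the end of the hunk.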
@@ -35,8 +35,8 @@ class UserUpdateMe(SQLModel): class UpdatePassword(SQLModel): - current_password: str = Field(min_length=8, max_length=45) - new_password: str = Field(min_length=8, max_length=45) + current_password: str = Field(min_length=8, max_length=128) + new_password: str = Field(min_length=8, max_length=128) # Database model, database table inferred from class name @@ -110,4 +110,4 @@ class TokenPayload(SQLModel): class NewPassword(SQLModel): token: str - new_password: str = Field(min_length=8, max_length=45) + new_password: str = Field(min_length=8, max_length=128)
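Review bot: `current_password` in `UpdatePassword` now shares the raised `max_length=128`, which is the right direction, but nothing records that this field's bounds must stay at least as permissive as every limit under which a stored password could have been accepted; tightening it later would return a 422 before the hash is ever checked and lock those users out of the change-password flow. Add `# Never stricter than the limits a stored password may have been created under` above the two fields so the coupling is explicit. `UpdatePassword` fits entirely within the hunk; `UserUpdateMe` appears only as the hunk's context trailer.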