Don't allow setting password bigger than 469 characters

Signed-off-by: Carl Schwan <carl@carlschwan.eu>

apps/settings/lib/Controller/ChangePasswordController.php

@@ -107,7 +107,7 @@ class ChangePasswordController extends Controller {
 		}
 
 		try {
-			if ($newpassword === null || $user->setPassword($newpassword) === false) {
+			if ($newpassword === null || strlen($newpassword) > 469 || $user->setPassword($newpassword) === false) {
 				return new JSONResponse([
 					'status' => 'error',
 					'data' => [
@@ -158,6 +158,15 @@ class ChangePasswordController extends Controller {
 			]);
 		}
 
+		if (strlen($password) > 469) {
+			return new JSONResponse([
+				'status' => 'error',
+				'data' => [
+					'message' => $this->l->t('Unable to change password. Password too long.'),
+				],
+			]);
+		}
+
 		$currentUser = $this->userSession->getUser();
 		$targetUser = $this->userManager->get($username);
 		if ($currentUser === null || $targetUser === null ||

apps/settings/src/components/UserList/UserRow.vue

@@ -107,6 +107,7 @@
 				ref="password"
 				:disabled="loading.password || loading.all"
 				:minlength="minPasswordLength"
+				maxlength="469"
 				:placeholder="t('settings', 'Add new password')"
 				autocapitalize="off"
 				autocomplete="new-password"

apps/settings/templates/settings/personal/security/password.php

@@ -46,6 +46,7 @@ if ($_['passwordChangeSupported']) {
 				<div class="personal-show-container">
 					<label for="pass2" class="hidden-visually"><?php p($l->t('New password'));?>: </label>
 					<input type="password" id="pass2" name="newpassword"
+						   maxlength="469"
 						   placeholder="<?php p($l->t('New password')); ?>"
 						   data-typetoggle="#personal-show"
 						   autocomplete="new-password" autocapitalize="none" autocorrect="off" />