added password length check to user password validation method

Erudika · Nov 26, 2023 · fb62068 · fb62068
1 parent 8028739
commit fb62068
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/para-core/pom.xml b/para-core/pom.xml
@@ -172,7 +172,7 @@
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-lang3</artifactId>
-			<version>3.12.0</version>
+			<version>3.13.0</version>
 		</dependency>
 		<dependency>
 			<groupId>commons-codec</groupId>

diff --git a/para-core/src/main/java/com/erudika/para/core/User.java b/para-core/src/main/java/com/erudika/para/core/User.java
@@ -718,7 +718,7 @@ public static final boolean passwordMatches(User u) throws LimitExceededExceptio
 		}
 		String password = u.getPassword();
 		String identifier = u.getIdentifier();
-		if (StringUtils.isBlank(password) || StringUtils.isBlank(identifier)) {
+		if (StringUtils.isBlank(password) || StringUtils.isBlank(identifier) || password.length() > MAX_PASSWORD_LENGTH) {
 			return false;
 		}
 		ParaObject s = CoreUtils.getInstance().getDao().read(u.getAppid(), identifier);