[FIX] web: limit password size #15024

Merged
merged 1 commit into from Jan 11, 2017


@nim-odoo
Contributor

If the user writes a password larger than 4096 characters at the login
screen, it causes a crash instead of displaying the "Wrong
login/password" message.

The Python library used to hash passwords (passlib) is by default limited
to 4096 characters. Above this limit, it raises an error (source:
https://pythonhosted.org/passlib/lib/passlib.exc.html).

Allowing a password larger than 4096 is not necessary; we just limit the
field maximum length since such a situation should happen because of an
incorrect copy/paste.

opw-704110

@nim-odoo nim-odoo self-assigned this Jan 11, 2017
@nim-odoo nim-odoo added the OE label Jan 11, 2017
@Yajo
Yajo approved these changes Jan 11, 2017
@nim-odoo nim-odoo [FIX] web: limit password size
ea4c231
@nim-odoo nim-odoo merged commit ea4c231 into odoo:9.0 Jan 11, 2017

1 of 2 checks passed

ci/runbot runbot build 191823-9-0-ea4c23
legal/cla Nicolas Martinelli Odoo CLA signature check
@nim-odoo nim-odoo deleted the odoo-dev:9.0-opw-704110-login-nim branch Jan 23, 2017
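
The failure described in this PR, with a server-side guard that turns an oversized password into the normal "Wrong login/password" result. This is an added example, not code from the PR or from Odoo. It assumes a stand-in hasher built on the standard library that mimics the 4096-character limit the description attributes to passlib; `hash_password`, `PasswordTooLong`, `authenticate` and the sample account are hypothetical names.

```python
import hashlib
import hmac
import os

MAX_PASSWORD_SIZE = 4096  # limit quoted in the PR description
LOGIN_ERROR = "Wrong login/password"


class PasswordTooLong(ValueError):
    """Stand-in for the size error the hashing library raises above its limit."""


def hash_password(password, salt):
    # Stand-in hasher (stdlib PBKDF2), assumed to enforce the same size limit.
    if len(password) > MAX_PASSWORD_SIZE:
        raise PasswordTooLong("password exceeds %d characters" % MAX_PASSWORD_SIZE)
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)


def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def authenticate_unguarded(users, login, password):
    # Behaviour reported in the PR: the hasher's error escapes the login handler.
    user = users.get(login)
    if user is None:
        return LOGIN_ERROR
    digest = hash_password(password, user["salt"])
    return "ok" if hmac.compare_digest(digest, user["hash"]) else LOGIN_ERROR


def authenticate(users, login, password):
    # Server-side guard: oversized input is an ordinary failed login,
    # independent of any length limit applied to the form field.
    if len(password) > MAX_PASSWORD_SIZE:
        return LOGIN_ERROR
    user = users.get(login)
    if user is None:
        return LOGIN_ERROR
    try:
        digest = hash_password(password, user["salt"])
    except ValueError:  # defence in depth if the hasher's limit differs
        return LOGIN_ERROR
    return "ok" if hmac.compare_digest(digest, user["hash"]) else LOGIN_ERROR


USERS = {"admin": make_user("correct horse")}  # constructed sample account
```
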