Remove password length maximum.

bcrypt only pays attention to the first 72 characters
anyway, so there's no harm done to us. The new effective
limit is the maximum POST size: 500Kb :)

r2/r2/controllers/validator/validator.py

@@ -796,12 +796,10 @@ def run(self, sr_name, link_type = None):
         return sr
 
 MIN_PASSWORD_LENGTH = 3
-MAX_PASSWORD_LENGTH = 256
 
 class VPassword(Validator):
     def run(self, password, verify):
-        if not (password and
-                MIN_PASSWORD_LENGTH < len(password) < MAX_PASSWORD_LENGTH):
+        if not (password and len(password) >= MIN_PASSWORD_LENGTH):
             self.set_error(errors.BAD_PASSWORD)
         elif verify != password:
             self.set_error(errors.BAD_PASSWORD_MATCH)

r2/r2/templates/login.html

@@ -24,7 +24,6 @@
    from r2.lib.template_helpers import add_sr
    from r2.lib.strings import strings
    from r2.lib.utils import UrlParser
-   from r2.controllers.validator import MAX_PASSWORD_LENGTH
    import random
  %>
 <%namespace file="captcha.html" import="captchagen"/>
@@ -88,7 +87,7 @@
         <li>
           <label for="passwd_${op}">${_('password')}:</label>
           <input id="passwd_${op}" name="passwd" type="password" 
-                 maxlength="${MAX_PASSWORD_LENGTH}" tabindex="${tabindex}"/>
+                 tabindex="${tabindex}"/>
           %if register:
             ${error_field("BAD_PASSWORD", "passwd", kind="span")}
           %else:
@@ -99,7 +98,7 @@
         <li>
           <label for="passwd2_${op}">${_('verify password')}:</label>
           <input name="passwd2" id="passwd2_${op}" 
-                 type="password" maxlength="${MAX_PASSWORD_LENGTH}" tabindex="${tabindex}"/>
+                 type="password" tabindex="${tabindex}"/>
           ${error_field("BAD_PASSWORD_MATCH", "passwd2", kind="span")}
         </li>
         <li>

r2/r2/templates/loginformwide.html

@@ -22,7 +22,6 @@
 <%!
    from r2.lib.template_helpers import add_sr
    from r2.lib.utils import UrlParser
-   from r2.controllers.validator import MAX_PASSWORD_LENGTH
    import random
 %>
 
@@ -42,7 +41,7 @@
   %endif
   <input type="hidden" name="op" value="${op}" />
   <input name="user" placeholder="username" type="text" maxlength="20" tabindex="1"/>
-  <input name="passwd" placeholder="password" type="password" maxlength="${MAX_PASSWORD_LENGTH}" tabindex="1"/>
+  <input name="passwd" placeholder="password" type="password" tabindex="1"/>
 
   <div class="status"></div>
 

r2/r2/templates/prefupdate.html

@@ -22,7 +22,6 @@
 
 <%namespace file="utils.html" import="error_field"/>
 <%namespace name="utils" file="utils.html"/>
-<% from r2.controllers.validator import MAX_PASSWORD_LENGTH %>
 
 <h1>
 %if thing.email and thing.password:
@@ -64,7 +63,7 @@ <h1>
 
 <div class="spacer">
   <%utils:round_field title="${_('current password')}" description="${_('(required)')}">
-    <input type="password" name="curpass" maxlength="${MAX_PASSWORD_LENGTH}"/>
+    <input type="password" name="curpass" />
     ${error_field("WRONG_PASSWORD", "curpass")}
   </%utils:round_field>
 </div>  
@@ -79,14 +78,14 @@ <h1>
 %if thing.password:
 <div class="spacer">
   <%utils:round_field title="${_('new password')}">
-    <input type="password" name="newpass" maxlength="${MAX_PASSWORD_LENGTH}"/>
+    <input type="password" name="newpass" />
     ${error_field("BAD_PASSWORD", "newpass")}
   </%utils:round_field>
 </div>  
 
 <div class="spacer">
   <%utils:round_field title="${_('verify password')}">
-    <input type="password" name="verpass" maxlength="${MAX_PASSWORD_LENGTH}"/>
+    <input type="password" name="verpass" />
     ${error_field("BAD_PASSWORD_MATCH", "verpass")}
   </%utils:round_field>
 </div>