Merge branch '116-increase-amount-of-password-characters' into 'develop'

Resolve "Increase amount of password characters"

Closes #116

See merge request bramw/baserow!85

backend/src/baserow/api/user/serializers.py

@@ -24,7 +24,7 @@ class RegisterSerializer(serializers.Serializer):
     email = serializers.EmailField(
         help_text='The email address is also going to be the username.'
     )
-    password = serializers.CharField(max_length=32)
+    password = serializers.CharField(max_length=256)
     authenticate = serializers.BooleanField(
         required=False,
         default=False,

backend/tests/baserow/api/users/test_user_views.py

@@ -50,6 +50,27 @@ def test_create_user(client):
 
     assert response_failed_2.status_code == 400
 
+    long_password = 'x' * 256
+    response = client.post(reverse('api:user:index'), {
+        'name': 'Test2',
+        'email': 'test2@test.nl',
+        'password': long_password
+    }, format='json')
+    assert response.status_code == HTTP_200_OK
+    user = User.objects.get(email='test2@test.nl')
+    assert user.check_password(long_password)
+
+    long_password = 'x' * 257
+    response = client.post(reverse('api:user:index'), {
+        'name': 'Test2',
+        'email': 'test2@test.nl',
+        'password': long_password
+    }, format='json')
+    response_json = response.json()
+    assert response.status_code == HTTP_400_BAD_REQUEST
+    assert response_json['error'] == 'ERROR_REQUEST_BODY_VALIDATION'
+    assert response_json['detail']['password'][0]['code'] == 'max_length'
+
 
 @pytest.mark.django_db
 def test_send_reset_password_email(data_fixture, client, mailoutbox):

changelog.md

@@ -7,6 +7,7 @@
   request.
 * Block non web frontend domains in the base url when requesting a password reset
   email.
+* Increased the amount of password characters to 256 when signing up.
 
 ## Released (2020-07-20)
 

web-frontend/modules/core/pages/signup.vue

@@ -44,9 +44,20 @@
             class="input input--large"
             @blur="$v.account.password.$touch()"
           />
-          <div v-if="$v.account.password.$error" class="error">
+          <div
+            v-if="$v.account.password.$error && !$v.account.password.required"
+            class="error"
+          >
             A password is required.
           </div>
+          <div
+            v-if="$v.account.password.$error && !$v.account.password.maxLength"
+            class="error"
+          >
+            A maximum of
+            {{ $v.account.password.$params.maxLength.max }} characters is
+            allowed here.
+          </div>
         </div>
       </div>
       <div class="control">
@@ -87,7 +98,13 @@
 </template>
 
 <script>
-import { required, email, sameAs, minLength } from 'vuelidate/lib/validators'
+import {
+  required,
+  email,
+  sameAs,
+  minLength,
+  maxLength,
+} from 'vuelidate/lib/validators'
 
 import { ResponseErrorMessage } from '@baserow/modules/core/plugins/clientHandler'
 import error from '@baserow/modules/core/mixins/error'
@@ -149,7 +166,10 @@ export default {
         required,
         minLength: minLength(2),
       },
-      password: { required },
+      password: {
+        required,
+        maxLength: maxLength(256),
+      },
       passwordConfirm: {
         sameAsPassword: sameAs('password'),
       },