From 40ee1ef973de33de5bdf3e6b7e877d156d87436a Mon Sep 17 00:00:00 2001
From: Andris Reinman
Date: Mon, 2 Oct 2023 14:22:17 +0300
Subject: [PATCH] Set the same max password length for every field
---
 routes/account.js | 10 +++++-----
 routes/account/security.js | 6 +++---
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/routes/account.js b/routes/account.js
index c9bb472..822819c 100644
--- a/routes/account.js
+++ b/routes/account.js
@@ -265,9 +265,9 @@ router.post('/profile', passport.checkLogin, (req, res) => {
 spamLevel: Joi.number().empty('').min(0).max(100),
- existingPassword: Joi.string().empty('').min(8).max(100).label('Current password'),
- password: Joi.string().empty('').min(8).max(100).label('New password').valid(Joi.ref('password2')),
- password2: Joi.string().empty('').min(8).max(100).label('Repeat password')
+ existingPassword: Joi.string().empty('').min(8).max(256).label('Current password'),
+ password: Joi.string().empty('').min(8).max(256).label('New password').valid(Joi.ref('password2')),
+ password2: Joi.string().empty('').min(8).max(256).label('Repeat password')
 })
 .and('password', 'existingPassword', 'password2');
@@ -504,8 +504,8 @@ router.post('/update-password', (req, res) => {
 }
 const updateSchema = Joi.object().keys({
- password: Joi.string().empty('').min(8).max(100).label('New password').valid(Joi.ref('password2')).required(),
- password2: Joi.string().empty('').min(8).max(100).label('Repeat password').required()
+ password: Joi.string().empty('').min(8).max(256).label('New password').valid(Joi.ref('password2')).required(),
+ password2: Joi.string().empty('').min(8).max(256).label('Repeat password').required()
 });
 delete req.body._csrf;
diff --git a/routes/account/security.js b/routes/account/security.js
index db7ffda..f89c4cf 100644
--- a/routes/account/security.js
+++ b/routes/account/security.js
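Review bot: In the `/profile` schema `existingPassword` keeps `.min(8)` alongside the new `.max(256)`, so the current password is held to the new-password policy before it is ever compared with the stored credential. An account whose password was set under a different rule (an older policy, or another client of the same backend) would fail validation here and could not change its password from this form. For the current-password field a presence check plus an upper bound is enough, e.g. `existingPassword: Joi.string().empty('').max(256).label('Current password'),`, leaving the actual verification to the backend. The same applies to `existingPassword` in the `/password` hunk of routes/account/security.js; the `/profile` handler itself continues outside this hunk.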
@@ -254,9 +254,9 @@ router.post('/password', (req, res) => {
 }
 const updateSchema = Joi.object().keys({
- existingPassword: Joi.string().empty('').min(8).max(100).label('Current password').required(),
- password: Joi.string().empty('').min(8).max(100).label('New password').valid(Joi.ref('password2')).required(),
- password2: Joi.string().empty('').min(8).max(100).label('Repeat password').required()
+ existingPassword: Joi.string().empty('').min(8).max(256).label('Current password').required(),
+ password: Joi.string().empty('').min(8).max(256).label('New password').valid(Joi.ref('password2')).required(),
+ password2: Joi.string().empty('').min(8).max(256).label('Repeat password').required()
 });
 delete req.body._csrf;
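Review bot: `.max(256)` on these fields bounds the string length, not the encoded size, so a password containing multi-byte characters can pass validation while exceeding 256 bytes. If the backend that stores the password applies a byte limit or a hash that truncates its input (neither is visible in this diff), such a password would be rejected or silently shortened after this check; `.max(256, 'utf8')` makes Joi count bytes instead. The limit is also repeated as a literal in all three fields here and in the five fields changed in routes/account.js, so a shared constant such as `const MAX_PASSWORD_LENGTH = 256;` would keep later changes from missing a field. The schema sits inside the `/password` handler, whose body starts and ends outside the hunk.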