You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thank you for your feedback. We are using bcrypt for protecting user passwords. As you might have spotted in the code snippet, bcrypt has a limit of 72 character for its input.
We have considered limiting the length of the HTML input field, but ultimately decided against it as the user feedback for entering too long values into fields in not very user friendly in all browsers. Notably, users (and password managers) may "think" that they submitted a very long password, but in fact only a prefix was accepted. The server-side check is a good compromise here.
Steps to Reproduce
Expected Behaviour
Choose a password with maximum length of X and use only following character Y
Observed Behaviour
Context
Create an admin user
Technical Info
Analysis
overleaf/services/web/app/src/Features/Authentication/AuthenticationManager.js
Lines 42 to 51 in a722ca9
The text was updated successfully, but these errors were encountered: