From 780a0ee68795ccfb67604489ba27caa97b6dd908 Mon Sep 17 00:00:00 2001
From: Adria Navarro <adria@budibase.com>
Date: Tue, 2 Jan 2024 16:38:58 +0100
Subject: [PATCH] Increase limits

---
 packages/backend-core/src/security/auth.ts    | 10 +++++-----
 .../src/security/tests/auth.spec.ts           | 20 +++++++++++++++----
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/packages/backend-core/src/security/auth.ts b/packages/backend-core/src/security/auth.ts
index 3bcecd9e11..c44a17a54f 100644
--- a/packages/backend-core/src/security/auth.ts
+++ b/packages/backend-core/src/security/auth.ts
@@ -1,20 +1,20 @@
-const MIN_LENGTH = 8
-const MAX_LENGTH = 100
+export const PASSWORD_MIN_LENGTH = 8
+export const PASSWORD_MAX_LENGTH = 512
 
 export function validatePassword(
   password: string
 ): { valid: true } | { valid: false; error: string } {
-  if (!password || password.length < MIN_LENGTH) {
+  if (!password || password.length < PASSWORD_MIN_LENGTH) {
     return {
       valid: false,
       error: "Password invalid. Minimum eight characters.",
     }
   }
 
-  if (password.length > MAX_LENGTH) {
+  if (password.length > PASSWORD_MAX_LENGTH) {
     return {
       valid: false,
-      error: "Password invalid. Maximum hundred characters.",
+      error: `Password invalid. Maximum ${PASSWORD_MAX_LENGTH} characters.`,
     }
   }
 
diff --git a/packages/backend-core/src/security/tests/auth.spec.ts b/packages/backend-core/src/security/tests/auth.spec.ts
index 7be049ae1a..46ebfae655 100644
--- a/packages/backend-core/src/security/tests/auth.spec.ts
+++ b/packages/backend-core/src/security/tests/auth.spec.ts
@@ -1,5 +1,5 @@
 import { generator } from "../../../tests"
-import { validatePassword } from "../auth"
+import { PASSWORD_MAX_LENGTH, validatePassword } from "../auth"
 
 describe("auth", () => {
   describe("validatePassword", () => {
@@ -19,12 +19,24 @@ describe("auth", () => {
     })
 
     it.each([
-      generator.word({ length: 101 }),
-      generator.paragraph().substring(0, 101),
+      generator.word({ length: PASSWORD_MAX_LENGTH }),
+      generator.paragraph().substring(0, PASSWORD_MAX_LENGTH),
+    ])(
+      `can use passwords up to ${PASSWORD_MAX_LENGTH} characters in length`,
+      password => {
+        expect(validatePassword(password as string)).toEqual({
+          valid: true,
+        })
+      }
+    )
+
+    it.each([
+      generator.word({ length: PASSWORD_MAX_LENGTH + 1 }),
+      generator.paragraph().substring(0, PASSWORD_MAX_LENGTH + 1),
     ])("limit password length", password => {
       expect(validatePassword(password as string)).toEqual({
         valid: false,
-        error: "Password invalid. Maximum hundred characters.",
+        error: "Password invalid. Maximum 512 characters.",
       })
     })
   })