From e488312dfea659ff5cfedf6e008f2cb00abe8617 Mon Sep 17 00:00:00 2001
From: Aevann
Date: Tue, 17 Oct 2023 12:42:26 +0300
Subject: [PATCH] enforce 8-100 password requirement in /reset too

---
 files/routes/login.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/files/routes/login.py b/files/routes/login.py
index 88c34e635c..530d28b040 100644
--- a/files/routes/login.py
+++ b/files/routes/login.py
@@ -462,6 +462,13 @@ def post_reset(v):
 time=timestamp,
 error="Passwords didn't match."), 400

+ if not valid_password_regex.fullmatch(password):
+ return render_template("login/reset_password.html",
+ v=user,
+ token=token,
+ time=timestamp,
+ error="Password must be between 8 and 100 characters."), 400
+
 user.passhash = hash_password(password)
 g.db.add(user)
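Review bot: The added `valid_password_regex.fullmatch(password)` guard in post_reset is another hand-written copy of the password policy, and the commit subject ("in /reset too") suggests this path had already been missed once, so any other route that sets `user.passhash` can drift the same way. Consider a single helper that checks the password and returns the error text (name illustrative: `password_error(password)`), called from every such route, so the limit and its message live in one place. The message hard-codes "between 8 and 100 characters" while the real rule is whatever `valid_password_regex` matches, which is defined outside this hunk; if that pattern rejects anything other than length, the user gets a misleading error. post_reset begins and ends outside the hunk, so the token check and what follows `g.db.add(user)` are not visible here.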