enforce 8-100 password requirement in /reset too

files/routes/login.py

@@ -462,6 +462,13 @@ def post_reset(v):
 							time=timestamp,
 							error="Passwords didn't match."), 400
 
+	if not valid_password_regex.fullmatch(password):
+		return render_template("login/reset_password.html",
+							v=user,
+							token=token,
+							time=timestamp,
+							error="Password must be between 8 and 100 characters."), 400
+
 	user.passhash = hash_password(password)
 	g.db.add(user)