Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

♻️ Update password max length #1447

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
michaelAlvarino wants to merge 3 commits into fastapi:master
base: master
Choose a base branch
Loading
from michaelAlvarino:master

Conversation

Copy link

@michaelAlvarino michaelAlvarino commented Dec 11, 2024

On my machine, the command provided to generate a password (using
python3 specifically), results in a 44 character string, while the
maximum allowable character length in the model is 40, causing a
conflict. This PR updates the max_legnth for all password model
definitions.

MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c
 44
MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c
 44
MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c
 44

sheep7 reacted with thumbs up emoji 
On my machine, the command provided to generate a password (using
python3 specifically), results in a 44 character string, while the
maximum allowable character length in the model is 40, causing a
conflict. This PR updates the max_legnth for all password model
definitions.
```
MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c
 44
MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c
 44
MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c
 44
```
@michaelAlvarino michaelAlvarino marked this pull request as ready for review December 11, 2024 03:12
@alejsdev alejsdev changed the title (削除) Update password max length (削除ここまで) (追記) ♻️ Update password max length (追記ここまで) Feb 18, 2025
Copy link

sheep7 commented Apr 18, 2025

I had the same issue on first time run of a plain clone of the project: I generated the passwords as recommended with the provided python code which led to the prestart container failing with the ValidationError (password - "String should have at most 40 characters").

I'd suggest to raise the limit to something around 100 characters at least, to encourage strong password best practices, such as using passphrases (a 100 bit entropy passphrase with 8 words can easily have around 70 characters).

Copy link

Hello @michaelAlvarino,

this is my inner Monk writing :-D - Is there a reason to set the password length to 45 or could it be 48 or 64? Because you can divided 48 or 64 by two^^.

Copy link
Author

michaelAlvarino commented Apr 21, 2025
edited
Loading

This was a while ago, so I think it was because I was looking for the cutoff point at which everything worked. So no reason in particular. I'll change it to (削除) 64 (削除ここまで) 128.
sheep7 reacted with thumbs up emoji stevleibelt reacted with rocket emoji 

Further increase password length limit to address concerns around
password entropy and make it multiple of 2.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AltStyle によって変換されたページ (->オリジナル) /