Added limit on user and password login length

Yuval-Roth · Yuval-Roth · commit 4cf8efba8e18 · 2025-06-23T21:17:24.000+03:00
diff --git a/manager/src/app.py b/manager/src/app.py
@@ -47,6 +47,10 @@ def login():
         username = request.form['username']
         password = request.form['password']
 
+        if username and password:
+            if len(username) > 64 or len(password) > 64:
+                return render_template('login.html')
+
         auth_res = authenticate_basic(username, password)
         if auth_res and auth_res.get_success():
             # Reset failed login attempts for this client IP
@@ -64,18 +68,21 @@ def login():
             # Increment failed login attempts for this client IP
             failed_login_attempts[client_ip] += 1
 
+            flash("Invalid credentials", "error")
+
             # increase the timeout based on the number of failed attempts
             if failed_login_attempts[client_ip] >= 10:
                 Logger.log_info(f"Locking out client {client_ip} for 30 minutes due to too many failed login attempts.")
                 timeouts[client_ip] = datetime.now() + timedelta(minutes=30)
+                return render_template('lockout.html')
             elif failed_login_attempts[client_ip] >= 5:
                 Logger.log_info(f"Locking out client {client_ip} for 10 minutes due to too many failed login attempts.")
                 timeouts[client_ip] = datetime.now() + timedelta(minutes=10)
+                return render_template('lockout.html')
             elif failed_login_attempts[client_ip] >= 3:
                 Logger.log_info(f"Locking out client {client_ip} for 5 minutes due to too many failed login attempts.")
                 timeouts[client_ip] = datetime.now() + timedelta(minutes=5)
-
-            flash("Invalid credentials", "error")
+                return render_template('lockout.html')
 
     return render_template('login.html')
 
diff --git a/manager/src/templates/login.html b/manager/src/templates/login.html
@@ -12,10 +12,10 @@
         <h1>Login</h1>
         <form action="{{ url_for('login') }}" method="post">
             <label for="username">Username:</label>
-            <input type="text" id="username" name="username" required>
+            <input type="text" id="username" name="username" maxlength="64" required>
 
             <label for="password">Password:</label>
-            <input type="password" id="password" name="password" required>
+            <input type="password" id="password" name="password" maxlength="64" required>
 
             <button type="submit">Login</button>
         </form>
diff --git a/manager/src/templates/operators.html b/manager/src/templates/operators.html
@@ -50,10 +50,10 @@ <h1>Operators</h1>
         <h2 id="modal-title">Add Operator</h2>
         <form id="operator-form">
             <label for="username">Username:</label>
-            <input type="text" id="username" name="username" required>
+            <input type="text" id="username" name="username" maxlength="64" required>
 
             <label for="password">Password:</label>
-            <input type="password" id="password" name="password" required>
+            <input type="password" id="password" name="password" maxlength="64" required>
         </form>
         <div class="modal-buttons">
             <button type="button" id="close-modal-btn" class="cancel-button">Cancel</button>
