Limit maximum length of passwords to 4096 characters

src/pretix/base/auth.py

@@ -146,7 +146,8 @@ class NativeAuthBackend(BaseAuthBackend):
         d = OrderedDict([
             ('email', forms.EmailField(label=_("E-mail"), max_length=254,
                                        widget=forms.EmailInput(attrs={'autofocus': 'autofocus'}))),
-            ('password', forms.CharField(label=_("Password"), widget=forms.PasswordInput)),
+            ('password', forms.CharField(label=_("Password"), widget=forms.PasswordInput,
+                                         max_length=4096)),
         ])
         return d
 

src/pretix/base/forms/auth.py

@@ -154,6 +154,7 @@ class RegistrationForm(forms.Form):
         widget=forms.PasswordInput(attrs={
             'autocomplete': 'new-password'  # see https://bugs.chromium.org/p/chromium/issues/detail?id=370363#c7
         }),
+        max_length=4096,
         required=True
     )
     password_repeat = forms.CharField(
@@ -161,6 +162,7 @@ class RegistrationForm(forms.Form):
         widget=forms.PasswordInput(attrs={
             'autocomplete': 'new-password'  # see https://bugs.chromium.org/p/chromium/issues/detail?id=370363#c7
         }),
+        max_length=4096,
         required=True
     )
     keep_logged_in = forms.BooleanField(label=_("Keep me logged in"), required=False)
@@ -204,11 +206,13 @@ class PasswordRecoverForm(forms.Form):
     password = forms.CharField(
         label=_('Password'),
         widget=forms.PasswordInput,
+        max_length=4096,
         required=True
     )
     password_repeat = forms.CharField(
         label=_('Repeat password'),
-        widget=forms.PasswordInput
+        widget=forms.PasswordInput,
+        max_length=4096,
     )
 
     def __init__(self, user_id=None, *args, **kwargs):

src/pretix/presale/forms/customer.py

@@ -58,6 +58,7 @@ class AuthenticationForm(forms.Form):
         label=_("Password"),
         strip=False,
         widget=forms.PasswordInput(attrs={'autocomplete': 'current-password'}),
+        max_length=4096,
     )
 
     error_messages = {
@@ -251,11 +252,13 @@ class SetPasswordForm(forms.Form):
     password = forms.CharField(
         label=_('Password'),
         widget=forms.PasswordInput(attrs={'minlength': '8', 'autocomplete': 'new-password'}),
+        max_length=4096,
         required=True
     )
     password_repeat = forms.CharField(
         label=_('Repeat password'),
         widget=forms.PasswordInput(attrs={'minlength': '8', 'autocomplete': 'new-password'}),
+        max_length=4096,
     )
 
     def __init__(self, customer=None, *args, **kwargs):
@@ -343,11 +346,13 @@ class ChangePasswordForm(forms.Form):
     password = forms.CharField(
         label=_('New password'),
         widget=forms.PasswordInput,
+        max_length=4096,
         required=True
     )
     password_repeat = forms.CharField(
         label=_('Repeat password'),
         widget=forms.PasswordInput(attrs={'minlength': '8', 'autocomplete': 'new-password'}),
+        max_length=4096,
     )
 
     def __init__(self, customer, *args, **kwargs):
@@ -406,6 +411,7 @@ class ChangeInfoForm(forms.ModelForm):
         label=_('Your current password'),
         widget=forms.PasswordInput,
         help_text=_('Only required if you change your email address'),
+        max_length=4096,
         required=False
     )