From fb62068e7aa221151dab48911cc03f438e510a8b Mon Sep 17 00:00:00 2001
From: Alex Bogdanovski <alex@erudika.com>
Date: Sun, 26 Nov 2023 15:33:35 +0200
Subject: [PATCH] added password length check to user password validation
 method

---
 para-core/pom.xml                                       | 2 +-
 para-core/src/main/java/com/erudika/para/core/User.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/para-core/pom.xml b/para-core/pom.xml
index f1385192..c7db4ac4 100644
--- a/para-core/pom.xml
+++ b/para-core/pom.xml
@@ -172,7 +172,7 @@
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-lang3</artifactId>
-			<version>3.12.0</version>
+			<version>3.13.0</version>
 		</dependency>
 		<dependency>
 			<groupId>commons-codec</groupId>
diff --git a/para-core/src/main/java/com/erudika/para/core/User.java b/para-core/src/main/java/com/erudika/para/core/User.java
index d79ae0df..a738fabc 100644
--- a/para-core/src/main/java/com/erudika/para/core/User.java
+++ b/para-core/src/main/java/com/erudika/para/core/User.java
@@ -718,7 +718,7 @@ public static final boolean passwordMatches(User u) throws LimitExceededExceptio
 		}
 		String password = u.getPassword();
 		String identifier = u.getIdentifier();
-		if (StringUtils.isBlank(password) || StringUtils.isBlank(identifier)) {
+		if (StringUtils.isBlank(password) || StringUtils.isBlank(identifier) || password.length() > MAX_PASSWORD_LENGTH) {
 			return false;
 		}
 		ParaObject s = CoreUtils.getInstance().getDao().read(u.getAppid(), identifier);