fix: DEV-1400: OWASP security checks (#2253)

HumanSignal · Apr 19, 2022 · ed0cc5f · ed0cc5f
1 parent b39de14
commit ed0cc5f
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/label_studio/users/forms.py b/label_studio/users/forms.py
@@ -11,6 +11,7 @@
 from users.models import User
 
 
+EMAIL_MAX_LENGTH = 256
 PASS_MAX_LENGTH = 64
 PASS_MIN_LENGTH = 8
 USERNAME_MAX_LENGTH = 30
@@ -35,6 +36,8 @@ def clean(self, *args, **kwargs):
         cleaned = super(LoginForm, self).clean()
         email = cleaned.get('email', '').lower()
         password = cleaned.get('password', '')
+        if len(email) >= EMAIL_MAX_LENGTH:
+            raise forms.ValidationError('Email is too long')
 
         # advanced way for user auth
         user = settings.USER_AUTH(User, email, password)
@@ -69,6 +72,8 @@ def clean_username(self):
 
     def clean_email(self):
         email = self.cleaned_data.get('email').lower()
+        if len(email) >= EMAIL_MAX_LENGTH:
+            raise forms.ValidationError('Email is too long')
 
         if email and User.objects.filter(email=email).exists():
             raise forms.ValidationError('User with this email already exists')