Skip to content

♻️ Update password max length#1447

Merged
tiangolo merged 6 commits intofastapi:masterfrom
michaelAlvarino:master
Oct 23, 2025
Merged

♻️ Update password max length#1447
tiangolo merged 6 commits intofastapi:masterfrom
michaelAlvarino:master

Conversation

@michaelAlvarino
Copy link
Copy Markdown
Contributor

@michaelAlvarino michaelAlvarino commented Dec 11, 2024
edited by YuriiMotov
Loading

On my machine, the command provided to generate a password (using
python3 specifically), results in a 44 character string, while the
maximum allowable character length in the model is 40, causing a
conflict. This PR updates the max_legnth for all password model
definitions.

MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c
      44
MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c
      44
MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c
      44

Discussion: #1448

@michaelAlvarino
Update password max length
7198fd4 
On my machine, the command provided to generate a password (using
python3 specifically), results in a 44 character string, while the
maximum allowable character length in the model is 40, causing a
conflict. This PR updates the max_legnth for all password model
definitions.

```
MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c
      44
MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c
      44
MacBook-Pro-3:full-stack-fastapi-template michaelalvarino$ python3 -c "import secrets; print(secrets.token_urlsafe(32))" | wc -c
      44
```
@michaelAlvarino michaelAlvarino marked this pull request as ready for review December 11, 2024 03:12
@alejsdev alejsdev changed the title Update password max length ♻️ Update password max length Feb 18, 2025
@sheep7
Copy link
Copy Markdown

sheep7 commented Apr 18, 2025

I had the same issue on first time run of a plain clone of the project: I generated the passwords as recommended with the provided python code which led to the prestart container failing with the ValidationError (password - "String should have at most 40 characters").

I'd suggest to raise the limit to something around 100 characters at least, to encourage strong password best practices, such as using passphrases (a 100 bit entropy passphrase with 8 words can easily have around 70 characters).

@stevleibelt
Copy link
Copy Markdown

stevleibelt commented Apr 19, 2025

Hello @michaelAlvarino,

this is my inner Monk writing :-D - Is there a reason to set the password length to 45 or could it be 48 or 64? Because you can divided 48 or 64 by two^^.

@michaelAlvarino
Copy link
Copy Markdown
Contributor Author

michaelAlvarino commented Apr 21, 2025
edited
Loading

This was a while ago, so I think it was because I was looking for the cutoff point at which everything worked. So no reason in particular. I'll change it to 64 128.

@michaelAlvarino
Merge branch 'master' into master
7b9c0bd
@michaelAlvarino
Increase Password Length Limit
3ba2c44 
Further increase password length limit to address concerns around
password entropy and make it multiple of 2.
YuriiMotov
YuriiMotov approved these changes Sep 4, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@YuriiMotov YuriiMotov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If people need this, why not?

LGTM

@YuriiMotov YuriiMotov mentioned this pull request Sep 5, 2025
Closed
1 task
@michaelAlvarino
Copy link
Copy Markdown
Contributor Author

michaelAlvarino commented Sep 20, 2025

@YuriiMotov I needed to regenerate the client, could I get another 👍 ?

@YuriiMotov YuriiMotov mentioned this pull request Oct 2, 2025
Closed
svlandeg
svlandeg approved these changes Oct 22, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@svlandeg svlandeg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense, thanks @michaelAlvarino !

tiangolo
tiangolo approved these changes Oct 23, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@tiangolo tiangolo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, thanks! 🚀

@tiangolo tiangolo merged commit c612641 into fastapi:master Oct 23, 2025
16 checks passed
rajdavee pushed a commit to OrganyzAI/python-backend that referenced this pull request Dec 30, 2025
@michaelAlvarino @svlandeg
♻️ Update password max length (fastapi#1447)
c076635 
Co-authored-by: Sofie Van Landeghem <[email protected]>
azzi2023 pushed a commit to azzi2023/organyz-python-backend that referenced this pull request Jan 9, 2026
@michaelAlvarino @svlandeg
♻️ Update password max length (fastapi#1447)
ff255a8 
Co-authored-by: Sofie Van Landeghem <[email protected]>
This was referenced Feb 12, 2026
Merged
Closed
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tiangolo tiangolo tiangolo approved these changes

@svlandeg svlandeg svlandeg approved these changes

@YuriiMotov YuriiMotov YuriiMotov approved these changes

Assignees

No one assigned

Labels

refactor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@michaelAlvarino @sheep7 @stevleibelt @tiangolo @svlandeg @YuriiMotov @alejsdev