From b74df36bda723b53a82d553a59c3a4c8eee5616c Mon Sep 17 00:00:00 2001
From: miaurizius <maurice@miaurizius.de>
Date: Tue, 9 Jun 2026 14:40:49 +0200
Subject: [PATCH] fixed https://git.miaurizius.de/MiauRizius/MiauInv/issues/4

---
 handlers/account.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/handlers/account.go b/handlers/account.go
index b73902e..4db49fc 100644
--- a/handlers/account.go
+++ b/handlers/account.go
@@ -30,6 +30,12 @@ func APIRegister(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if len(user.Password) > 72 {
+		log.Println("POST [api/register] User password too long")
+		http.Error(w, "Password exceeds the maximum allowed length of 72 characters", http.StatusUnprocessableEntity)
+		return
+	}
+
 	hashed, err := auth.HashPassword(user.Password)
 	if err != nil {
 		log.Println("POST [api/register] " + r.RemoteAddr + ": " + err.Error())