fix(core): Enhance password validation strategy with maxLength option and set default maxLength

packages/core/src/config/auth/default-password-validation-strategy.ts

@@ -16,15 +16,20 @@ import { PasswordValidationStrategy } from './password-validation-strategy';
  * @since 1.5.0
  */
 export class DefaultPasswordValidationStrategy implements PasswordValidationStrategy {
-    constructor(private options: { minLength?: number; regexp?: RegExp }) {}
+    constructor(private options: { minLength?: number; maxLength?: number; regexp?: RegExp }) {}
 
     validate(ctx: RequestContext, password: string): boolean | string {
-        const { minLength, regexp } = this.options;
+        const { minLength, maxLength, regexp } = this.options;
         if (minLength != null) {
             if (password.length < minLength) {
                 return false;
             }
         }
+        if (maxLength != null) {
+            if (password.length > maxLength) {
+                return false;
+            }
+        }
         if (regexp != null) {
             if (!regexp.test(password)) {
                 return false;

packages/core/src/config/default-config.ts

@@ -111,7 +111,7 @@ export const defaultConfig: RuntimeVendureConfig = {
         adminAuthenticationStrategy: [new NativeAuthenticationStrategy()],
         customPermissions: [],
         passwordHashingStrategy: new BcryptPasswordHashingStrategy(),
-        passwordValidationStrategy: new DefaultPasswordValidationStrategy({ minLength: 4 }),
+        passwordValidationStrategy: new DefaultPasswordValidationStrategy({ minLength: 4, maxLength: 72 }),
         verificationTokenStrategy: new DefaultVerificationTokenStrategy(),
     },
     catalogOptions: {