Instead of returning HTTP 500 (ISE), the simplest fix is to just return HTTP 400. Let's be fair, if a deployer configures a longer maximum password than passlib can handle, it's either a 500 or a 400. In this case we can determine what the correct size would be and we should raise up a 400 Bad Request.
This is an edge case, but handling it elegantly is better than letting it just fail in an ugly way.
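The behaviour described above, sketched as an added example that is not code from the original comment or from the project: the request is checked against the smaller of the deployer's configured maximum and the hasher's limit, and a size error from the hasher is translated to a 400. The limit value, the stand-in hasher, measuring length in UTF-8 bytes, and the names `BadRequest`, `set_password` and `handle_request` are all assumptions made for illustration.

```python
import hashlib
import os

# Assumed limit of the hashing library (constructed value for this example).
HASHER_MAX_PASSWORD_SIZE = 4096


class PasswordSizeError(ValueError):
    """Stand-in for the size error a hashing library raises."""


class BadRequest(Exception):
    """Hypothetical API-layer exception that maps to HTTP 400."""
    status = 400


def hash_password(password: str) -> str:
    """Stand-in hasher that rejects oversized input, as the library would."""
    data = password.encode("utf-8")
    if len(data) > HASHER_MAX_PASSWORD_SIZE:
        raise PasswordSizeError("password exceeds hasher limit")
    salt = os.urandom(16)
    return hashlib.pbkdf2_hmac("sha256", data, salt, 1000).hex()


def set_password(password: str, configured_max: int) -> str:
    """Validate against the effective limit, then hash."""
    # A deployer may configure more than the hasher accepts; the
    # effective limit is whichever of the two is smaller.
    effective_max = min(configured_max, HASHER_MAX_PASSWORD_SIZE)
    if len(password.encode("utf-8")) > effective_max:
        raise BadRequest(f"password must be at most {effective_max} bytes")
    try:
        return hash_password(password)
    except PasswordSizeError as exc:
        # Safety net if the two limits ever drift apart: still a 400.
        raise BadRequest(str(exc)) from exc


def handle_request(password: str, configured_max: int) -> int:
    """Return the HTTP status the hypothetical API layer would send."""
    try:
        set_password(password, configured_max)
        return 200
    except BadRequest as exc:
        return exc.status
```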