added string length checks on all request objects that store the given data.

src/Api/Models/Request/Accounts/EmailRequestModel.cs

@@ -6,10 +6,13 @@ namespace Bit.Api.Models
     {
         [Required]
         [EmailAddress]
+        [StringLength(50)]
         public string NewEmail { get; set; }
         [Required]
+        [StringLength(300)]
         public string MasterPasswordHash { get; set; }
         [Required]
+        [StringLength(300)]
         public string NewMasterPasswordHash { get; set; }
         [Required]
         public string Token { get; set; }

src/Api/Models/Request/Accounts/EmailTokenRequestModel.cs

@@ -6,8 +6,10 @@ namespace Bit.Api.Models
     {
         [Required]
         [EmailAddress]
+        [StringLength(50)]
         public string NewEmail { get; set; }
         [Required]
+        [StringLength(300)]
         public string MasterPasswordHash { get; set; }
     }
 }

src/Api/Models/Request/Accounts/PasswordHintRequestModel.cs

@@ -6,6 +6,7 @@ namespace Bit.Api.Models
     {
         [Required]
         [EmailAddress]
+        [StringLength(50)]
         public string Email { get; set; }
     }
 }

src/Api/Models/Request/Accounts/PasswordRequestModel.cs

@@ -5,8 +5,10 @@ namespace Bit.Api.Models
     public class PasswordRequestModel
     {
         [Required]
+        [StringLength(300)]
         public string MasterPasswordHash { get; set; }
         [Required]
+        [StringLength(300)]
         public string NewMasterPasswordHash { get; set; }
         [Required]
         public CipherRequestModel[] Ciphers { get; set; }

src/Api/Models/Request/Accounts/RegisterRequestModel.cs

@@ -8,12 +8,16 @@ namespace Bit.Api.Models
         [Required]
         public string Token { get; set; }
         [Required]
+        [StringLength(50)]
         public string Name { get; set; }
         [Required]
         [EmailAddress]
+        [StringLength(50)]
         public string Email { get; set; }
         [Required]
+        [StringLength(300)]
         public string MasterPasswordHash { get; set; }
+        [StringLength(50)]
         public string MasterPasswordHint { get; set; }
 
         public User ToUser()

src/Api/Models/Request/Accounts/RegisterTokenRequestModel.cs

@@ -6,6 +6,7 @@ namespace Bit.Api.Models
     {
         [Required]
         [EmailAddress]
+        [StringLength(50)]
         public string Email { get; set; }
     }
 }

src/Api/Models/Request/Accounts/UpdateProfileRequestModel.cs

@@ -6,7 +6,9 @@ namespace Bit.Api.Models
     public class UpdateProfileRequestModel
     {
         [Required]
+        [StringLength(50)]
         public string Name { get; set; }
+        [StringLength(50)]
         public string MasterPasswordHint { get; set; }
         [Required]
         [RegularExpression("^[a-z]{2}-[A-Z]{2}$")]

src/Api/Models/Request/Accounts/UpdateTwoFactorRequestModel.cs

@@ -9,6 +9,7 @@ namespace Bit.Api.Models
         public string MasterPasswordHash { get; set; }
         [Required]
         public bool? Enabled { get; set; }
+        [StringLength(50)]
         public string Token { get; set; }
 
         public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)

src/Api/Models/Request/Auth/AuthTokenRequestModel.cs

@@ -6,6 +6,7 @@ namespace Bit.Api.Models
     {
         [Required]
         [EmailAddress]
+        [StringLength(50)]
         public string Email { get; set; }
         [Required]
         public string MasterPasswordHash { get; set; }

src/Api/Models/Request/Ciphers/CipherRequestModel.cs

@@ -13,18 +13,25 @@ namespace Bit.Api.Models
         public CipherType Type { get; set; }
 
         [Required]
+        [StringLength(36)]
         public string Id { get; set; }
+        [StringLength(36)]
         public string FolderId { get; set; }
         [Required]
         [EncryptedString]
+        [StringLength(300)]
         public string Name { get; set; }
         [EncryptedString]
+        [StringLength(5000)]
         public string Uri { get; set; }
         [EncryptedString]
+        [StringLength(200)]
         public string Username { get; set; }
         [EncryptedString]
+        [StringLength(300)]
         public string Password { get; set; }
         [EncryptedString]
+        [StringLength(5000)]
         public string Notes { get; set; }
 
         public virtual Site ToSite(string userId = null)

src/Api/Models/Request/Folders/FolderRequestModel.cs

@@ -9,6 +9,7 @@ namespace Bit.Api.Models
     {
         [Required]
         [EncryptedString]
+        [StringLength(300)]
         public string Name { get; set; }
 
         public Folder ToFolder(string userId = null)

src/Api/Models/Request/Sites/SiteRequestModel.cs

@@ -7,19 +7,25 @@ namespace Bit.Api.Models
 {
     public class SiteRequestModel
     {
+        [StringLength(36)]
         public string FolderId { get; set; }
         [Required]
         [EncryptedString]
+        [StringLength(300)]
         public string Name { get; set; }
         [Required]
         [EncryptedString]
+        [StringLength(5000)]
         public string Uri { get; set; }
         [EncryptedString]
+        [StringLength(200)]
         public string Username { get; set; }
         [Required]
         [EncryptedString]
+        [StringLength(300)]
         public string Password { get; set; }
         [EncryptedString]
+        [StringLength(5000)]
         public string Notes { get; set; }
 
         public Site ToSite(string userId = null)