bugzilla.mozilla.org has resumed normal operation. Attachments prior to 2014 will be unavailable for a few days. This is tracked in Bug 1475801.
Please report any other irregularities here.

Fx accounts are not blocked after several attempts to enter wrong passwords




Firefox Accounts
2 years ago
8 months ago


(Reporter: Petruta Rasa [Away. Please needinfo? bogdan.maris@softvision.ro], Unassigned)



Firefox Tracking Flags

(firefox49 affected, firefox50 affected, firefox51 affected, firefox52 affected)


[Affected versions]:
- Nightly 52.0a1, Aurora 51.0a2, 50 Beta 6

[Affected platforms]:
- Win 10 64-bit
- Mac OS X 10.11

[Steps to reproduce]:
1. Go to https://accounts.firefox.com/signup
2. Create a new account (I used a @mailinator.com email address)
3. Validate the account using the link from the email
4. Select Sign Out from account's settings
5. On the Sign In page, repeatedly enter a wrong password 

[Expected result]:
- "You've tried too many times. Try again in 15 minutes." should be displayed and the account should be blocked for that time period.

[Actual result]:
- The account is not blocked, "Incorrect password" is displayed no matter how many times user enters a wrong password (Browser console: 19:46:06.979 Incorrect password 1 bdff29e6.main.js:17)

[Regression range]:
- This is not a Firefox regression, old versions are not affected so it could be server side.
I get blocked after a few attempts.
In a private issue (and without giving too many details) :jrgm pointed out that we have some special handling of QA-related accounts that likely explains this.  We'll see about removing them with our next deploy and it should resolve this.
ni?=myself to report back on the results of this
Flags: needinfo?(rfkelly)
I could reproduce this also with @gmail.com and @softvision.ro accounts.
Actually, I'm going to switch the ni? to :jrgm - John, could you please comment here when the config fix hits production, and Petruta can try again?
Flags: needinfo?(rfkelly) → needinfo?(jrgm)
FWIW, I can't reproduce this with a gmail address - after a few attempts I get "You've tried too many times. Try again in 15 minutes."
This change is in production, and the config entry removed. Marking Fixed. :petruta can you re-check your STR now.
Last Resolved: 2 years ago
Flags: needinfo?(jrgm)
Resolution: --- → FIXED
This works fine now, @mailinator.com, @softvision.ro, @yahoo, and @gmail.com addresses are locket out.


8 months ago
Product: Core → Firefox
You need to log in before you can comment on or make changes to this bug.