Closed Bug 1309940 Opened 9 years ago Closed 9 years ago

Fx accounts are not blocked after several attempts to enter wrong passwords

Categories

(Firefox :: Firefox Accounts, defect)

defect
Not set
normal

Tracking

()

VERIFIED FIXED
Tracking Status
firefox49 --- affected
firefox50 --- affected
firefox51 --- affected
firefox52 --- affected

People

(Reporter: phorea, Unassigned)

Details

[Affected versions]: - Nightly 52.0a1, Aurora 51.0a2, 50 Beta 6 [Affected platforms]: - Win 10 64-bit - Mac OS X 10.11 [Steps to reproduce]: 1. Go to https://accounts.firefox.com/signup 2. Create a new account (I used a @mailinator.com email address) 3. Validate the account using the link from the email 4. Select Sign Out from account's settings 5. On the Sign In page, repeatedly enter a wrong password [Expected result]: - "You've tried too many times. Try again in 15 minutes." should be displayed and the account should be blocked for that time period. [Actual result]: - The account is not blocked, "Incorrect password" is displayed no matter how many times user enters a wrong password (Browser console: 19:46:06.979 Incorrect password 1 bdff29e6.main.js:17) [Regression range]: - This is not a Firefox regression, old versions are not affected so it could be server side.
I get blocked after a few attempts.
In a private issue (and without giving too many details) :jrgm pointed out that we have some special handling of QA-related accounts that likely explains this. We'll see about removing them with our next deploy and it should resolve this.
ni?=myself to report back on the results of this
Flags: needinfo?(rfkelly)
I could reproduce this also with @gmail.com and @softvision.ro accounts.
Actually, I'm going to switch the ni? to :jrgm - John, could you please comment here when the config fix hits production, and Petruta can try again?
Flags: needinfo?(rfkelly) → needinfo?(jrgm)
FWIW, I can't reproduce this with a gmail address - after a few attempts I get "You've tried too many times. Try again in 15 minutes."
This change is in production, and the config entry removed. Marking Fixed. :petruta can you re-check your STR now.
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(jrgm)
Resolution: --- → FIXED
This works fine now, @mailinator.com, @softvision.ro, @yahoo, and @gmail.com addresses are locket out.
Status: RESOLVED → VERIFIED
Product: Core → Firefox
You need to log in before you can comment on or make changes to this bug.