Closed
Bug 1309940
Opened 8 years ago
Closed 8 years ago
Fx accounts are not blocked after several attempts to enter wrong passwords
Categories
(Firefox :: Firefox Accounts, defect)
Firefox
Firefox Accounts
Tracking
()
People
(Reporter: phorea, Unassigned)
Details
[Affected versions]: - Nightly 52.0a1, Aurora 51.0a2, 50 Beta 6 [Affected platforms]: - Win 10 64-bit - Mac OS X 10.11 [Steps to reproduce]: 1. Go to https://accounts.firefox.com/signup 2. Create a new account (I used a @mailinator.com email address) 3. Validate the account using the link from the email 4. Select Sign Out from account's settings 5. On the Sign In page, repeatedly enter a wrong password [Expected result]: - "You've tried too many times. Try again in 15 minutes." should be displayed and the account should be blocked for that time period. [Actual result]: - The account is not blocked, "Incorrect password" is displayed no matter how many times user enters a wrong password (Browser console: 19:46:06.979 Incorrect password 1 bdff29e6.main.js:17) [Regression range]: - This is not a Firefox regression, old versions are not affected so it could be server side.
Comment 1•8 years ago
|
||
I get blocked after a few attempts.
Comment 2•8 years ago
|
||
In a private issue (and without giving too many details) :jrgm pointed out that we have some special handling of QA-related accounts that likely explains this. We'll see about removing them with our next deploy and it should resolve this.
Reporter | ||
Comment 4•8 years ago
|
||
I could reproduce this also with @gmail.com and @softvision.ro accounts.
Comment 5•8 years ago
|
||
Actually, I'm going to switch the ni? to :jrgm - John, could you please comment here when the config fix hits production, and Petruta can try again?
Flags: needinfo?(rfkelly) → needinfo?(jrgm)
Comment 6•8 years ago
|
||
FWIW, I can't reproduce this with a gmail address - after a few attempts I get "You've tried too many times. Try again in 15 minutes."
Comment 7•8 years ago
|
||
This change is in production, and the config entry removed. Marking Fixed. :petruta can you re-check your STR now.
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(jrgm)
Resolution: --- → FIXED
Reporter | ||
Comment 8•8 years ago
|
||
This works fine now, @mailinator.com, @softvision.ro, @yahoo, and @gmail.com addresses are locket out.
Status: RESOLVED → VERIFIED
Updated•7 years ago
|
Product: Core → Firefox
You need to log in
before you can comment on or make changes to this bug.
Description
•