Closed Bug 1309940 Opened 8 years ago Closed 8 years ago

Fx accounts are not blocked after several attempts to enter wrong passwords

Categories

(Firefox :: Firefox Accounts, defect)

defect
Not set
normal

Tracking


VERIFIED FIXED
Tracking Status
firefox49 --- affected
firefox50 --- affected
firefox51 --- affected
firefox52 --- affected

People

(Reporter: phorea, Unassigned)

Details

[Affected versions]:
- Nightly 52.0a1, Aurora 51.0a2, 50 Beta 6

[Affected platforms]:
- Win 10 64-bit
- Mac OS X 10.11

[Steps to reproduce]:
1. Go to https://accounts.firefox.com/signup
2. Create a new account (I used a @mailinator.com email address)
3. Validate the account using the link from the email
4. Select Sign Out from account's settings
5. On the Sign In page, repeatedly enter a wrong password 

[Expected result]:
- "You've tried too many times. Try again in 15 minutes." should be displayed and the account should be blocked for that time period.

[Actual result]:
- The account is not blocked, "Incorrect password" is displayed no matter how many times the user enters a wrong password (Browser console: 19:46:06.979 Incorrect password 1 bdff29e6.main.js:17)

[Regression range]:
- This is not a Firefox regression, old versions are not affected so it could be server side.
I get blocked after a few attempts.
In a private issue (and without giving too many details) :jrgm pointed out that we have some special handling of QA-related accounts that likely explains this.  We'll see about removing them with our next deploy and it should resolve this.
ni?=myself to report back on the results of this
Flags: needinfo?(rfkelly)
I could reproduce this also with @gmail.com and @softvision.ro accounts.
Actually, I'm going to switch the ni? to :jrgm - John, could you please comment here when the config fix hits production, and Petruta can try again?
Flags: needinfo?(rfkelly) → needinfo?(jrgm)
FWIW, I can't reproduce this with a gmail address - after a few attempts I get "You've tried too many times. Try again in 15 minutes."
This change is in production, and the config entry removed. Marking Fixed. :petruta can you re-check your STR now?
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(jrgm)
Resolution: --- → FIXED
This works fine now, @mailinator.com, @softvision.ro, @yahoo, and @gmail.com addresses are locked out.
Status: RESOLVED → VERIFIED
Product: Core → Firefox
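
The failure mode discussed in this bug, a test-account exemption left in a production rate-limit config, shown as an added example that is not Firefox Accounts code: a failed-login limiter with an exemption list, plus a pre-deploy audit that flags exemptions matching ordinary addresses. The threshold of 5, the e-mail-keyed exemption, and every name and pattern below are assumptions; the bug does not say how the real exemption was keyed.

```javascript
// Added illustration; all identifiers are hypothetical.
const BLOCK_MS = 15 * 60 * 1000; // lockout period from the expected result
const MAX_FAILURES = 5;          // assumed; the bug only says "a few attempts"
const MSG_WRONG = 'Incorrect password';
const MSG_BLOCKED = "You've tried too many times. Try again in 15 minutes.";

class LoginLimiter {
  constructor(exemptPatterns = []) {
    this.exempt = exemptPatterns; // RegExp list: accounts that skip lockout
    this.state = new Map();       // email -> { failures, blockedUntil }
  }
  isExempt(email) { return this.exempt.some((re) => re.test(email)); }

  // Record one wrong-password attempt; returns the message the user sees.
  recordFailure(email, now) {
    const key = email.toLowerCase();
    if (this.isExempt(key)) return MSG_WRONG; // exempt: never counted
    const s = this.state.get(key) || { failures: [], blockedUntil: 0 };
    this.state.set(key, s);
    if (now < s.blockedUntil) return MSG_BLOCKED;
    s.failures = s.failures.filter((t) => now - t < BLOCK_MS);
    s.failures.push(now);
    if (s.failures.length >= MAX_FAILURES) {
      s.blockedUntil = now + BLOCK_MS;
      s.failures = [];
      return MSG_BLOCKED;
    }
    return MSG_WRONG;
  }
}

// Pre-deploy audit: return every exemption that matches a canary address
// which must stay rate-limited in production.
function auditExemptions(patterns, canaries) {
  return patterns.filter((re) => canaries.some((c) => re.test(c))).map(String);
}

// Regression check: does lockout ever trigger after repeated failures?
function locksOut(limiter, email, attempts = 10) {
  let last = '';
  for (let i = 0; i < attempts; i++) last = limiter.recordFailure(email, i * 1000);
  return last === MSG_BLOCKED;
}

// Constructed sample data, not taken from any real configuration.
const CANARIES = ['user@gmail.com', 'user@mailinator.com', 'user@yahoo.com'];
const broadConfig = [/@(mailinator\.com|gmail\.com)$/];      // too wide
const tightConfig = [/^qa-loadtest-\d+@restmail\.example$/]; // test-only

console.log(auditExemptions(broadConfig, CANARIES)); // flags the wide pattern
console.log(locksOut(new LoginLimiter(tightConfig), 'user@gmail.com')); // true
```

Running the audit and the lockout check against the production config on each deploy catches a leftover exemption before a manual retest like the one in this bug has to.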