Open Bug 1691427 Opened 4 years ago Updated 3 years ago

[costco.com][Register] Generated Password is not detected by the new-password requirements validation

Categories

(Toolkit :: Password Manager: Site Compatibility, defect, P3)

Product:
Toolkit
Component:
Password Manager: Site Compatibility
Platform:
Desktop
All
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox85 --- affected
firefox86 --- affected
firefox87 --- affected
firefox89 --- affected
firefox90 --- affected
firefox91 --- affected

People

(Reporter: tbabos, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug,
URL
)

Details

Attachments

(1 file)

PasswordGeneration
2.17 MB, video/quicktime
Details
Attached video PasswordGeneration

Affected Versions:

  • Nigthly 87.0a1 (2021-02-08)
  • Beta 86.0b5
  • Release 85.0

Tested On:

  • MacOS 10.15

Steps to Reproduce:

  • Go to costco.com register form
  • Click on the password field and choose to generate a password

Expected:
The password requirements validation should recognize the generated password and validate it.

Actual:
Password strength is analyzed as "too short".

Notes:

  • Reproducible on Chrome? NO
  • Regression-range: not a regression, can be reproduced back to FX70
  • Severity: strangely and somehow luckily the form can be submitted even if the password requirements are not met so the users are not blocked on the registration form by using the generated password option, S3.

Due to Costco's form validation, a user cannot paste in passwords. The only time the form reacts is on keyup, i.e. when we generate a password, we will never trip the form validation (since we aren't sending a keyup event...and I don't think we should be sending that event in this case) and so the "Password Strength: Too Short" message will always be displayed. If Chrome had a password generator that worked like ours on this page, it would behave in the same way.

I think we'll need someone to reach out to Costco and see if they are willing to fix this

I tested Chrome's password generation feature, it doesn't have this problem.
After selecting "use suggested password", the focus moves to "Why?". I guess they probably send extra key events after filling the field (See Bug 1683413).

In order to resolve this bug, we will need to either fire additional events (such as keyup) when autofilling the password or Costco will need to change their form validation and/or allow users to paste passwords into the password fields.

Priority: -- → P3
Depends on: 1198363
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: