Closed Bug 1749944 Opened 3 years ago Closed 3 years ago

Password too long

Categories

(bugzilla.mozilla.org :: General, enhancement)

Product:
bugzilla.mozilla.org
Component:
General
Version:
Production
Type:
enhancement

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: bugzilla, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0

Steps to reproduce:

I was forced to make a new password when logging on. So I generated a new password based on the old one in KeePass.

Actual results:

I got the error "Password too long"

Expected results:

A message how long my password is actually allowed to be, now I had to choose one that barely qualified the minimum requirements just to be sure.

The maximum password length is 1000 characters:
https://github.com/mozilla-bteam/bmo/blob/c279ca21949d4eb98bf97a35d03f73fde0c5ef70/Bugzilla.pm#L234
$params->{passwdqc_max} is currently set to 1000.

I've checked and running the passwdqc standalone functions as expected: accepting an 800 character password, and rejecting a 2000 character password.

I see the following in your account history:
[password_change_reason] Inactive Account → You must change your password for the following reason: too long
That comes from https://github.com/mozilla-bteam/bmo/blob/c279ca21949d4eb98bf97a35d03f73fde0c5ef70/Bugzilla/Auth/Verify/DB.pm#L75

Here's the log entry of the request from your browser setting the password:
"POST /reset_password.cgi HTTP/1.1" 200 14218 "https://bugzilla.mozilla.org/reset_password.cgi?(redacted)" …

Of note is 14218 - that's the size of the request submitted. It appears that you accidentally tried to set your password to one that was over 1000 characters long.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.