447954 - "Forgot Password" page allows password to be set same as passphrase

Status: RESOLVED FIXED

(Cloud Services :: General, defect, P3)

Description

[Nirbheek Chauhan]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071719 Firefox/3.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071719 Firefox/3.0.1

The password and passphrase cannot be same; and the new account wizard makes sure this is satisfied. However, the "Forgot Password" page on http://services.mozilla.org accepts any password, and the password can be set to be the same as the passphrase.

After this, the sign-in box does not allow the login since the password and passphrase should not be the same (but they are now).

Reproducible: Always

Steps to Reproduce:
1. Use the "Forgot Password" link on services.mozilla.org to make the password and passphrase the same
2. Try to login to weave with the new set of credentials
Actual Results:  
The Sign-in box doesn't even try to login and errors out saying that the two cannot be the same.

Expected Results:  
The bug is at ONE of the following places:
- The "Forgot Password" page which lets me set them the same
- The sign-in box which doesn't even try to login with the credentials
- The fact that password and passphrase cannot be the same. This is difficult to test for in some cases, as shown by this bug report.

Comment 1

[Dan Mills [:thunder]]

We don't know the passphrase, so we can't make this a failure.  We should add a warning to the page, however, since the client will not work if they are.

Comment 2

[Dan Mills [:thunder]]

I've cleaned up that page and added a warning.