USER_PASSWORD_MAX_LENGTH is no longer needed

RESOLVED FIXED in Bugzilla 3.6

Status

()

Bugzilla
User Accounts
--
enhancement
RESOLVED FIXED
9 years ago
7 years ago

People

(Reporter: Frédéric Buclin, Assigned: Frédéric Buclin)

Tracking

Bugzilla 3.6
Dependency tree / graph
Bug Flags:
approval +

Details

Attachments

(2 attachments)

(Assignee)

Description

9 years ago
The limit of 16 characters for passwords appeared in v1.1 of editusers.cgi, with no explanation. Maybe it was related to the fact that the MySQL ENCRYPT() function, which was the first method to be used to encrypt passwords in Bugzilla, used the UNIX crypt() method, which itself ignores everything after the 8th character. And so passwords longer than <strike>8</strike> 16 characters weren't useful.

Now that Bugzilla uses SHA-256 to store passwords instead of crypt(), see bug 211006, it makes sense to accept passwords longer than 16 characters. AFAIK, there is technically no reason to restrict the max length as SHA-256 takes the whole password into account, and so this constant can go away as soon as bug 211006 is checked in.
(Assignee)

Comment 1

8 years ago
Created attachment 392918 [details] [diff] [review]
patch, v1
Assignee: user-accounts → LpSolit
Status: NEW → ASSIGNED
Attachment #392918 - Flags: review?(dkl)
(Assignee)

Updated

8 years ago
Target Milestone: --- → Bugzilla 3.6

Updated

8 years ago
Attachment #392918 - Flags: review?(dkl) → review+
Comment on attachment 392918 [details] [diff] [review]
patch, v1

As this is mostly removal of code then the coding style looks good to me ;) Also it works as expected as accepts really long passwords properly.

r=dkl
(Assignee)

Updated

8 years ago
Flags: approval+
(Assignee)

Comment 3

8 years ago
Checking in Bugzilla/Constants.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Constants.pm,v  <--  Constants.pm
new revision: 1.114; previous revision: 1.113
done
Checking in Bugzilla/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v  <--  User.pm
new revision: 1.191; previous revision: 1.190
done
Checking in Bugzilla/WebService/Constants.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/WebService/Constants.pm,v  <--  Constants.pm
new revision: 1.27; previous revision: 1.26
done
Checking in template/en/default/global/user-error.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/global/user-error.html.tmpl,v  <--  user-error.html.tmpl
new revision: 1.284; previous revision: 1.283
done
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
(Assignee)

Comment 4

8 years ago
We should relnote that passwords can now be longer than 16 characters
Keywords: relnote

Comment 5

8 years ago
You forgot to remove the POD from Bugzilla::WebService::User that references the 503 error. (You should also update the History for the appropriate method, noting that it used to throw 503, Password Too Long before  Bugzilla 3.6.)
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Comment 6

8 years ago
Also, please leave a comment in Bugzilla::WebService::Constants about what the 503 error was. There is a note about this in Bugzilla::WebService::Constants itself.
(Assignee)

Comment 7

8 years ago
Created attachment 393459 [details] [diff] [review]
fix POD, v1
Attachment #393459 - Flags: review?(dkl)
Comment on attachment 393459 [details] [diff] [review]
fix POD, v1

Looks good. r=dkl
Attachment #393459 - Flags: review?(dkl) → review+
(Assignee)

Comment 9

8 years ago
Checking in Bugzilla/WebService/Constants.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/WebService/Constants.pm,v  <--  Constants.pm
new revision: 1.28; previous revision: 1.27
done
Checking in Bugzilla/WebService/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/WebService/User.pm,v  <--  User.pm
new revision: 1.15; previous revision: 1.14
done
Status: REOPENED → RESOLVED
Last Resolved: 8 years ago8 years ago
Resolution: --- → FIXED
(Assignee)

Updated

8 years ago
Duplicate of this bug: 544114

Comment 11

8 years ago
Added to the release notes in bug 547466.
Keywords: relnote
(Assignee)

Updated

7 years ago
Blocks: 595664
(Assignee)

Updated

7 years ago
Blocks: 575340
You need to log in before you can comment on or make changes to this bug.