STEPS TO REPRODUCE: 1. Start with an existing weave username > 8 chars long that you control. (I'm using "dholbert_test") 2. Visit https://services.mozilla.com/reset-password/ 3. Enter username + captcha. 4. Click the link in the email that you receive. 5. Type in **your username** as your new password. EXPECTED RESULT: Page reloads with a message along the lines of "Your password cannot be the same as your username." ACTUAL RESULT: Page reloads with this message: "Passwords must be at least 8 characters in length." (This is the wrong message to be displaying -- the password I gave *was* more than 8 characters in length! It was a stupid password, yes, but for different reasons. :))
Assignee: server-ops → telliott
Component: Server Operations: Weave → Server
Product: mozilla.org → Weave
QA Contact: mrz → server
Version: other → unspecified
The server is sending the 'Invalid Password' code back. We should add "at least 8 characters in length and cannot match your username"
Hmm, why are these the same consts?
Component: Server → Web Site
QA Contact: server → website
We've killed this in favour of the account portal. Given bug 600770, I suspect we'll still have the same bug there.
Assignee: mconnor → nobody
Component: Web Site → Server: Account Portal
QA Contact: website → account-portal
We do, it should say "at least 8 characters and not your username" Bug 600770 is different.
We're unlikely to make an update to the account portal, so accounts will soon be handled by browserid. Anyone who tries to use their username as their password deserves a lousy error response :P
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.