WEAVE_ERROR_BAD_PASSWORD_STRENGTH is not a useful const here.
Well, technically it is. Using your username will, in fact, generate a very weak password :) I don't think we need to differentiate here. When we come across the constant, we should just say "here are the rules. stop hurting them"
I don't see why we wouldn't differentiate here. Are we worried about running out of response codes?
There are costs in terms of all the frontends having to implement another path, but they're not high. On the flip side, there's some cost in not presenting all the password requirements at once, since someone is more likely to trip over a second one once they've fulfilled a first. Given that, I slightly favor the solution that introduces less complexity, but don't really care enough to fight stronger preferences.
To clarify: Is this bug "reject passwords that match the username and/or email address of the user", or is this bug "change the error code returned when we reject by the above conditions"?
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 587867