need to return a different const if password == username

RESOLVED DUPLICATE of bug 587867

Status

RESOLVED DUPLICATE of bug 587867
8 years ago
7 years ago

People

(Reporter: mconnor, Unassigned)

Tracking

unspecified
x86
Mac OS X
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

8 years ago
WEAVE_ERROR_BAD_PASSWORD_STRENGTH is not a useful const here.
well, technically it is. Using your username will, in fact, generate a very weak password :)

I don't think we need to differentiate here. When we come across the constant, we should just say "here are the rules. stop hurting them"
(Reporter)

Comment 2

8 years ago
I don't see why we wouldn't differentiate here.  Are we worried about running out of response codes?
There are costs in terms of all the frontends having to implement another path, but they're not high. On the flip side, there's some cost in not presenting all the password requirements at once, since someone is more likely to trip over a second one once they've fulfilled a first. Given that, I slightly favor the solution that introduces less complexity, but don't really care enough to fight stronger preferences.
To clarify: Is this bug "reject passwords that match the username and/or email address of the user", or is this bug "change the error code returned when we reject by the above conditions"?
The latter.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 587867
You need to log in before you can comment on or make changes to this bug.