Closed
Bug 959794
Opened 11 years ago
Closed 11 years ago
Validate password length
Categories
(Firefox for Android Graveyard :: Android Sync, defect)
Tracking
(firefox29 verified)
VERIFIED
FIXED
Tracking | Status | |
---|---|---|
firefox29 | --- | verified |
People
(Reporter: pdehaan, Unassigned)
References
Details
(Whiteboard: [qa+])
Attachments
(1 file)
88.67 KB,
image/png
|
Details |
Steps to reproduce:
1. Download and install http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/nalexander@mozilla.com-60c48d4ed251/try-android/
2. Goto (Android) Settings > Accounts > Add account > Firefox Account
3. Enter a valid email address format (peter@foo.com)
4. Enter a short password "ab".
5. Click the Create Account button.
Actual results:
Account is seemingly created with an invalid password length.
Expected results:
We should validate password length locally before sending to server and display a solid error message.
Comment 1•11 years ago
|
||
Chris, is there a defined minimum password length for FxA?
Flags: needinfo?(ckarlof)
OS: Mac OS X → Android
Hardware: x86 → All
Summary: must validate minimum password length → Validate password length
Comment 3•11 years ago
|
||
Tracking issue for FxA for the Web: https://github.com/mozilla/fxa-content-server/issues/110
Comment 4•11 years ago
|
||
Should be fixed by Bug 951304. QA verification appreciated.
On create, the button should be disabled until the password is >= 8 characters long. When signing in, the button should be disabled until the password is >= 1 character long. This choice was made because the mocks I have don't show text about password length on sign in, and it's very strange to not have the button enabled immediately.
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
Comment 6•11 years ago
|
||
"No additional restrictions." -- does that mean no max length?
Flags: needinfo?(ckarlof)
Updated•11 years ago
|
Comment 7•11 years ago
|
||
(In reply to Richard Newman [:rnewman] from comment #6)
> "No additional restrictions." -- does that mean no max length?
We could consider doing that, but we send over a fixed length hash of the password to the FxA auth server, so there aren't DOS issues related to long passwords.
I don't see much upside in a max password length restriction at this point, other than preventing the user from creating a bad UX for themselves by choosing a 1000 char password.
Flags: needinfo?(ckarlof)
Updated•7 years ago
|
Product: Android Background Services → Firefox for Android
Updated•4 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•