Closed Bug 965917 Opened 10 years ago Closed 10 years ago

spaces in password results in unrecoverable account

Categories

(Cloud Services :: Server: Firefox Accounts, defect)

x86
Linux
defect
Not set
major

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: kthiessen, Unassigned)

References

Details

(Keywords: steps-wanted, Whiteboard: [qa+])

Using Desktop Nightly from 2014-01-28 on Linux against production servers.

After clicking the 'forgot password?' link and filling in my email address, I get a confirmation email, click the link, and change the password.

Next login, neither the old password nor the new one works.  I fear wonkiness in a password encryption routine somewhere.

The account in question is 'karlht+sync@gigdrag.net'.  I can supply old and new passwords on request.
Blocks: 905997
Whiteboard: [qa+]
QA Contact: jbonacci
I tried to reproduce this on latest nightly but things seemed to work OK for me.  We may need take a peek at your user record on the prod FxA server and see if anything looks fishy.  Gene, can you please grab the "accounts" table row for the above-mentioned email address?  I'll work through some debugging with Karl tomorrow.
Flags: needinfo?(gene)
Ryan, I've emailed you the record.
From talking to Karl - I believe there might be an issue with spaces in passwords. Changing the title.
Summary: Using 'forgot password' link leaves account in unrecoverable state → spaces in password results in unrecoverable account
I don't think I'm able to reproduce this on https://accounts-latest.dev.lcip.org/signin (FF Nightly on OSX)

I created a new account (peterdehaan+spaces@gmail.com) and a password of "one two three" (with spaces).
I'm able to log in, log out, log in, and then change my password to "one two three four", log out, and log back in using the new password (the old password says "invalid password").

-peter
I haven't been able to reproduce this either; will take another look at the account record today and see about another hypothesis.
clearing the needinfo flag for :gene.

Whatever's going on here, it's not just due to spaces in the password, as I've successfully reset and re-reset a password with spaces in it on several attempts.
Flags: needinfo?(gene)
karl, are you currently able to reproduce with the same account and/or others?
Keywords: steps-wanted
I'll try to repro this with a new account this afternoon; the old profile associated with 'karlht+sync at gigdrag.net' is still in an unrecoverable state, I'm pretty sure.
QA Contact: kthiessen
Depends on: 974545
A fix for your suspected issue landed in: https://github.com/mozilla/fxa-auth-server/pull/576.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
I can no longer reproduce this issue.  Marking as VERIFIED.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.