treehouse
/
mastodon
21
8
Fork 5
Code Issues 32 Pull Requests Projects 1 Releases Wiki Activity

Sign-up form password field char limit inconsistency #22

New Issue
Open
opened 2022-11-25 06:05:46 +00:00 by simonxciv · 4 comments
simonxciv commented 2022-11-25 06:05:46 +00:00

When signing up via /auth/sign_up, the password field has maxlength="72" set, however the password confirmation field does not. When filled with a password manager defaulting to a > 72 char password, the password gets truncated in the first field and not the second, resulting in a mismatch that's not evident until the submission fails.

Some client-side validation + adding maxlength attribute on the confirmation field would fix this 😃

When signing up via /auth/sign_up, the password field has `maxlength="72"` set, however the password confirmation field does not. When filled with a password manager defaulting to a > 72 char password, the password gets truncated in the first field and not the second, resulting in a mismatch that's not evident until the submission fails. Some client-side validation + adding maxlength attribute on the confirmation field would fix this 😃
Rin added the
type/bug
area/ux
 labels 2022-11-25 06:06:24 +00:00
kouhai was assigned by Rin 2022-11-25 06:06:44 +00:00
Rin self-assigned this 2022-11-25 06:06:44 +00:00
Rin commented 2022-11-25 06:26:35 +00:00
Owner

File at fault is app/views/auth/passwords/edit.html.haml. Working on a fix.

File at fault is `app/views/auth/passwords/edit.html.haml`. Working on a fix.
Rin commented 2022-11-25 11:05:27 +00:00
Owner

Side note @ariadne , do you know if there's any technical reason we're limiting password length to 72 characters?

Side note @ariadne , do you know if there's any technical reason we're limiting password length to 72 characters?
ariadne commented 2022-12-02 06:40:55 +00:00
Owner

No reason for the limit tbh, the password is hashed.

No reason for the limit tbh, the password is hashed.
Rin commented 2022-12-05 06:00:07 +00:00
Owner

https://github.com/mastodon/mastodon/issues/13152 screams
Okay, this will require a hair more thought.

https://github.com/mastodon/mastodon/issues/13152 *screams* Okay, this will require a hair more thought.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
main-rebase-security-fix
main-rebase
streaming-builds
th-new
lolsob-rspec
that-one-spammer
test-faster-builds
main-unfiltered
treehouse-vagrant
fix/password-length
roof/22-11-24-misc
glitch/v1.2.2
glitch/v1.2.1
glitch/v1.2
glitch/v1.1.2
glitch/v1.1.1
glitch/v1.1
glitch/v1.0
glitch/v0.9.9
glitch/v0.9
glitch/v0.8
glitch/v0.7
glitch/v0.6
glitch/v0.1.2
glitch/v0.1.1
glitch/v0.1.0
Labels
Clear labels
  
area/i18n

Internationalization   
area/infrastructure

Infrastructure and operations   
area/moderation & safety
   
area/ux

User experience   
priority/1.high
   
priority/2.medium
   
priority/3.low
   
tag/upstream issue

This issue should be filed against upstream   
tag/duplicate

This issue or pull request already exists   
tag/help wanted

Feedback and pull requests welcome!   
tag/invalid

Something is wrong   
tag/won't fix

This won't be fixed   
type/bug

Something is not working   
type/enhancement

New feature   
type/question

More information is needed
No Label
area/i18n
area/infrastructure
area/moderation & safety
area/ux
priority/1.high
priority/2.medium
priority/3.low
tag/upstream issue
tag/duplicate
tag/help wanted
tag/invalid
tag/won't fix
type/bug
type/enhancement
type/question
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
kouhai
Rin
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: treehouse/mastodon#22
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?