FS#31855 : AUR password field doesn't warn if entering password longer than 32 char limit.

FS#31855 - AUR password field doesn't warn if entering password longer than 32 char limit.

Attached to Project: AUR web interface
Opened by PiousMinion (PiousMinion) - Tuesday, 09 October 2012, 08:29 GMT
Last edited by Lukas Fleischer (lfleischer) - Sunday, 04 November 2012, 11:44 GMT

Task Type	Bug Report
Category	Backend
Status	Closed
Assigned To	Lukas Fleischer (lfleischer)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version	2.0.0-rc1
Due in Version	2.0.0
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

The password field on both the account creation page and change password page seemingly allow one to enter passwords longer than the invisable 32 character limit. My password is 36 characters apparently the html form blindly truncates the password to 32 characters. I ended up changing my password many times and remained unable to login until falconindy on freenode(irc) was kind enough to point me in the right direction.

Please increase the password length limit beyond 32 and/or provide a warning if a user tries to set a password larger than the limit.

This task depends upon

Closed by Lukas Fleischer (lfleischer)
Sunday, 04 November 2012, 11:44 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 2.0.0.

Comment by Dave Reisner (falconindy) - Tuesday, 09 October 2012, 08:38 GMT

Or as I suggested on IRC, just remove this limit. Lukas, why do we have a limit at all if we're hashing passwords in the DB?

Comment by Lukas Fleischer (lfleischer) - Thursday, 11 October 2012, 19:26 GMT

Field changed: Due in Version (Undecided → 2.0.0)

Fixed in master [1].

[1] http://projects.archlinux.org/aur.git/commit/?id=24a8452880476201ab231b86f6a9cde1e74e107c

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#31855 - AUR password field doesn't warn if entering password longer than 32 char limit.

Details

Loading...