AUR web interface

Tasklist

FS#31855 - AUR password field doesn't warn if entering password longer than 32 char limit.

Attached to Project: AUR web interface
Opened by PiousMinion (PiousMinion) - Tuesday, 09 October 2012, 08:29 GMT
Last edited by Lukas Fleischer (lfleischer) - Sunday, 04 November 2012, 11:44 GMT
Task Type Bug Report
Category Backend
Status Closed
Assigned To Lukas Fleischer (lfleischer)
Architecture All
Severity Medium
Priority Normal
Reported Version 2.0.0-rc1
Due in Version 2.0.0
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

The password field on both the account creation page and change password page seemingly allow one to enter passwords longer than the invisable 32 character limit. My password is 36 characters apparently the html form blindly truncates the password to 32 characters. I ended up changing my password many times and remained unable to login until falconindy on freenode(irc) was kind enough to point me in the right direction.

Please increase the password length limit beyond 32 and/or provide a warning if a user tries to set a password larger than the limit.
This task depends upon

Closed by  Lukas Fleischer (lfleischer)
Sunday, 04 November 2012, 11:44 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed in 2.0.0.
Comment by Dave Reisner (falconindy) - Tuesday, 09 October 2012, 08:38 GMT
Or as I suggested on IRC, just remove this limit. Lukas, why do we have a limit at all if we're hashing passwords in the DB?
Comment by Lukas Fleischer (lfleischer) - Thursday, 11 October 2012, 19:26 GMT
  • Field changed: Due in Version (Undecided → 2.0.0)
Fixed in master [1].

[1] http://projects.archlinux.org/aur.git/commit/?id=24a8452880476201ab231b86f6a9cde1e74e107c

Loading...