Invalid characters in password
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical SSO provider |
Fix Released
|
Medium
|
Maximiliano Bertacchini | ||
Bug Description
Hello,
when I'm trying to reset my password for my Ubuntu One account via
https:/
getting the following error:
Invalid characters in password
Since there are no restrictions for valid characters in passwords
mentioned I believe this is a bug.
If this is intended it should be documented to reflect which characters
are allowed/forbidden.
The JS-based password strength checker is all green, after submitting
the form it complains with the error above.
I have tried setting the following passwords which were all not acccepted:
- ·ó®.~»]
- ÊØWä(\D¢
- íM_÷"%?
- ür§:##è"
- ({L-{"Ý;
Best regards,
Richard Schwab
Related branches
- Jonathan Hartley (community): Approve
-
Diff: 82 lines (+10/-9)3 files modifiedsrc/api/v10/tests/test_forms.py (+2/-2)
src/identityprovider/tests/test_forms.py (+3/-5)
src/identityprovider/validators.py (+5/-2)
| Daniel Manrique (roadmr) wrote | #1 |
| Changed in canonical-identity-provider: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
| Changed in canonical-identity-provider: | |
| status: | Triaged → In Progress |
| assignee: | nobody → Maximiliano Bertacchini (maxiberta) |
| Changed in canonical-identity-provider: | |
| status: | In Progress → Fix Committed |
| Changed in canonical-identity-provider: | |
| status: | Fix Committed → Fix Released |
In the validation code:
"
Validation is successful if:
- password contains at least 8 characters
- password contains only ascii characters
- password doesn't match leaked credentials for account
- password doesn't match leaked credentials for email
"
But you're right that the ascii character requirement is not surfaced to the user. I'll mark this as a bug needing fixing. Thanks!