register_user will fail with 'Invalid characters in password' when using a strong password

On 01/25/2012 06:04 AM, Natalia Bidart wrote:
> Public bug reported:
>
> I tried to register a user using the following password:
>
> 1234567U拉尼娜琳达
>
> (which has more than 7 letters, at least one number, at least on
> uppercase)
>
> and the answer I received was:
>
> {u'status': u'error', u'errors': {u'password': [u'Invalid characters in
> password']}}

This would be a good place for us to start reading to make sure we get
the HTML and HTTP stuff correct:

http://www.w3.org/TR/html4/interact/forms.html#adef-accept-charset

The requirements have changed, now passwords need to be at least 8 characters long, but specifically need to contain only characters representable as 7-bit ascii. No case-changing or numbers are required anymore.

So the given password (1234567U拉尼娜琳达) will fail to validate due to the chinese characters. FWIW, something like "fantástico" also doesn't validate due to the à character.

The 7-bit ascii requirement is noted in the validation code but is never explicitly mentioned to the user; we simply say "password has invalid characters".

This appears to be "by design" so for this bug, it'd be good to know if that design decision should be explicitly changed to allow non-ascii characters, or kept but perhaps explained better, either in the error messages (password contain invalid characters - please use only letters a-z with no accents, numbers, spaces, oh boy I can see how this explanation could quickly become complicated without resorting to "please don't use anything over ascii code 128") or in the registration and password change forms (we go back to the "don't present user with a wall of text to read" problem).

I'll set to incomplete since, although this behavior mostly still happens, some definition is needed on how to proceed.