Login - Entering incorrect and short password will return wrong error message #4292
Comments
|
Triggered auto assignment to @joelbettner ( |
|
The API's returning Status |
|
@isagoico just to confirm, this happened when you were attempting to log in with gI3utest@gmail.com, correct? (I can't tell if the second letter is a lower-case "L" or an upper-case "I") |
|
Mm let me confirm with the tester. I was also able to reproduce this with my account isagoicotest@gmail.com Edit: is a lowercase L |
|
I think I found the logs for this: I'm confused, though. It is showing that we threw a That leads me to believe that, even though the password is being entered, it is not being passed to the backend for authentication. However, if that were the case, nobody would be able to enter a password and log in. So...I'm really not sure what is causing this at the moment. |
|
This is also reproducible when entering 1 or 2 characters in the password field. As a side note, I'm also able to log with with my account (isagoicotest@gmail.com) when entering the correct password.
|
|
So, there is a threshold over which the correct error message is shown. I'll keep digging, but something funky is happening here... |
|
If I enter an incorrect password that is 3 characters or less I get the following message: If I enter an incorrect password that is 4 characters or more I get the correct error message: I would expect that I should not be getting that incorrect first message at all, because we have a minimum for the password length set in auth as 1 character: Request::verifyAttributeSize(request, "partnerUserSecret", 1, Request::MAX_SIZE_SMALL);void Request::verifyAttributeSize(const SData& request, const char* key, int64_t minSize, int64_t maxSize)
{
if (request[key].size() < (size_t) minSize) {
STHROW("402 Missing " + string(key));
} |
|
Ok...I've found out what is going on... The WAF is preventing passwords that are less than 4 characters from being passed from a client to the API, and in that case simply passes an empty password: I've got a fix coming... |
Jag96
added
Reviewing
|
@joelbettner issue is fixed! I think we are good to close this one 🎉 |
|
@joelbettner Uh oh! This issue is overdue by 2 days. Don't forget to update your issues! |
|
@joelbettner Still overdue 6 days?! Let's take care of this! |
|
@joelbettner 8 days overdue is a lot. Should this be a Weekly issue? If so, feel free to change it! |
If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!
Action Performed:
Expected Result:
User gets error saying password is incorrect or password is too short
Actual Result:
User gets 2FA error which is unrelated to the issue
Workaround:
N/A
Platform:
Where is this issue occurring?
Version Number: 1.0.81-2
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos:
Expensify/Expensify Issue URL:
View all open jobs on Upwork
The text was updated successfully, but these errors were encountered: