Logging in with long passwords does not work #52
Comments
|
Hmm, i have a 28 symbol long password and don't seem to have an issue, let me try this password to check |
Had no issue signing in on check account with this exact password |
|
Weird.. might have something to do with my instance? lemmy.world |
|
I just tried deleting the app and reinstalling it. Tried 3 different instances with my 128 char long passwords. Same issue. |
|
Do they have spaces in the front by any chance? |
|
nah my password manager does not generate spaces in my passwords. |
|
Even weirder |
|
Please don't tell me 128chars work for you? D: |
|
Let me check that generated 128 with bitdefender just now |
|
Works on lemmy.fmhy.ml. I'll check lemmy.world XD |
|
Reinstalled app completely to version 0.2.1+5 just in case I accidentally fixed the issue, but it works fine |
|
So the only common link here is my password manager. I use KeePass and never had such issues.. |
|
Hmm, interesting - I have not yet tested this but I dont see a reason why 128 char password shouldn't work. One guess is that maybe it could be a special character within the password that's causing the issues.. but if you're able to log in through the web ui, then that shouldn't be it |
|
So I tried using my password manager to fill out the password automatically. What a weird case.. |
|
That's weird especially because bitdefender generates 128chr password with all parameters And still worked fine |
|
I guess I will try myself as well and see if maybe I can recreate the issue |
|
@ShizuKoto For the instances that you've tried, could you let me know what they are if possible? Also would be good to know what version they're running on (that could be an underlying cause as well) |
|
So this is the password I just used on lemmy.world: (I changed it back to my previous password ofc) @hjiangsu I tried it on lemmy.world, lemmynsfw.com, reddthat.com |
|
|
|
|
|
Could be the way client sends query. You know like with sql injections. Some symbol causes the corruption of password |
|
Okay, so I just tried it with lemmy.ml with 128 char password using BitWarden to generate it and it seems to have logged in properly. Although, I did run it with a development build of the app, not v0.2.1+5. I'll try running it with a clean install of v0.2.1+5 and see if I can reproduce it |
I would agree with you but I already tried a pw with alphanumeric characters only. It does seem to be somehow connected to the length |
|
Can you try with this password? AJ7TvkZ3J#MXbnYxEse8kh8rYv9qTWr9tL7!e7EB!Ti6vMadjxxNpu@atPEw |
Just tried it again with v0.2.1+5 on iPhone running the app through TestFlight. I was still able to log in to my account so unfortunately, I havent been able to reproduce it yet |
this password works. Though I changed it a little just to be on the safe side ;D I didn't do it thru the pw manager tho, I actually just copy/pasted it. |
I dont think that's what's causing it since I also use just a username on some instances |
|
I think it might be just an issue with your password manager |
It's just so weird that it works fine even in Jerboa but not in Thunder. |
|
I think we're good - the pre-release version is here: https://github.com/hjiangsu/thunder/releases/tag/v0.2.1-prerelease%2B5 Test it out and see if it possibly fixes the issue. Do note that theres other features there which are currently in development (inbox, OLED theme, etc) so don't worry too much about those (since this was built off the |
"Password incorrect" 🙁 |
|
For the instance, I just type the instance name and extension, right? Aka "lemmy.ml" or "lemmy.world", etc? |
|
dang |
yeah, it should be |
|
What did I do:
|
|
That exact same procedure works fine with shorter passwords (e.g. 32 chars from earlier) |
|
Can you link the official link to KeePass for Mac here? I wanna make sure I have the correct version, then i'll do the steps you outlined |
|
Another clue: |
|
It must be connected to flutter then. |
Thats also based on Flutter... it could very well be a Flutter issue |
https://keepassxc.org/download/#macos this is the one I use. Just the latest release. |
|
Aha - i think i found out something interesting. I think the max cap length for passwords is 60 chars long. Try the following:
|
|
I noticed that when I saved my password, Bitwarden which is what I use, saved the password for the first 60 characters long, but not the rest. So then I tried to manually copy in the 128 char password and it said password incorrect. I tried it again with the 60 length password and it seemed to have worked |
|
I just looked at the source code for the password change field on the web-ui - it does seem to cap off at 60 chars 
|
Damn.. that's really the last thing I would've suspected |
Could you verify if this is indeed what is happening? Just making sure that what I mentioned is reproducible |
|
Yes, I can verify it working now. 60 chars is the limit. |
|
That sucks - this issue is now up to lemmy to fix themselves since it's out of my control. I will add in a max length of 60 for now to account for this issue, and will remove that restriction if lemmy decides to increase the limit in the future |
|
Yea, no, it's fine really. Now that we know it it shouldn't be an issue anymore. |
|
Added a commit to resolve this issue - this will be added in the next release! b87c5d8 |
|
Who should we chat with to fix this? Also, is 2FA going to be supported? |
|
(Also, your troubleshooting with us today was superb, thank you for your time and efforts) |
I think this would have to go directly to lemmy: https://github.com/LemmyNet/lemmy 2FA is not yet accounted for since I think that was a 0.18.0 feature, however, feel free to open up a separate issue so that it can be tracked (or someone can help pick it up!)
Just trying my best here :D |
|
So bitwarden actually helped thus time? LOL |
|
Confirmed that shortening the password to less than 60 characters solves this. Important note: when you log in to change your password on Lemmy, you must only enter 60 characters of your old password into the update field. It's pretty crazy, but it's what we have. |
|
I'll close this as the max password length limit has been released in the latest version v0.2.1+6 |
Description
When trying to login using a long password >13 chars the app just shows "wrong password".
How to Reproduce
Steps to reproduce the behavior:
Expected Behavior
The login should be successful
Device & App Version:
The text was updated successfully, but these errors were encountered: