Cannot log into player using passwords with certain characters #161
Comments
|
Sounds like this: https://community.resonate.is/t/login-issue-on-website-since-ive-created-an-account/2066/5?u=fgblomqvist |
|
Yes, that looks like it. Sorry I didn't find that issue. Although, one commenter seems to indicate a shorter password helped. I can confirm that was not my problem, my password is 32 characters alphanumeric, and it works (and someone in a linked issue here used 64 characters). The issue was the various kinds of quotes I had in it. |
|
All good. I'm sure it's just the special chars (like you've said) that is the issue. |
|
May not be related, but this week @auggod discovered a bug in the initial account setup and fixed it. In general, login functionality should be much improved. Although I believe certain special characters, in particular ' " are still not allowed. Appreciate both of y'alls attention on this! 🙏 |
|
I used a simple alphanumeric password to set up my account with no special symbols, but also have this problem. Whenever I try to login nothing happens, and I am simply redirected to the player page without having been logged in. |
|
That sounds like a different problem from me and the one I split this from. This ticket is explicitly about the non-alphanumeric passwords. I'm no authority but it seems like you should create a new ticket. |
|
We're using this golang library to verify hashes from wordpress. I always have suspected this is the issue. |
|
One of the main issues here is the poor UX if you have rejected cookies. I also struggled for days with this flow (and I'm a devops-type person, not an average joe). The flow goes something like this :
IMO this is a fairly cut and dried case of the login cookie should be an "Essential" cookie, and therefore "deny cookies" should be "deny non-essential cookies" and also the messaging should be clearer, like "Enable cookies(hyperlink to the choice window) and login to listen to the full song". |
Operating system
Linux
Browser name and version
Firefox 96, Chrome
Expected behavior
I can log into the player with the same email+password as my account following whatever password rules account creation enforces.
Actual behavior
I can log into my account but not the player when I use certain (unknown) characters in my password. On the player, I get the error message "If you just signed up or changed your password, please try again in a few seconds…" even if I wait hours.
The server response is an HTTP 400 with the payload
{"message":"Unauthorized","status":400}This is the same response as simply using the wrong password (e.g. asdf).
The problem is not related to JSON encoding on the client side, the POST request is correctly JSON encoded (and decodes correctly too).
Steps to reproduce behavior
I'm not really concerned with what the password rules are, but they need to be consistent between the account and player. As a new user, I created an account and immediately could not log in to the one thing I actually wanted. I tried waiting, I reset my password, nothing worked.
Once I started doing QA I created accounts with various email addresses until I tried generating a simpler alphanumeric password. It was the password causing the problem, when I stuck to letters and numbers, the problem went away and I could log in.
The text was updated successfully, but these errors were encountered: