Description of problem
======================

It is possible to set up a password of length 8 using My Settings. If one logs out and tries to log in again using the new password, the password isn't accepted, the error message is:

> The username or password you entered is incorrect.

The old password is not accepted either. A truly incorrect password, including the old one, causes a different error message:

> The username or password you entered does not match our records. Please try again.

Version-Release number of selected component (if applicable):

How reproducible: 100%

Steps to Reproduce:
1. Install RHGS WA via tendrl-ansible
2. Login as admin user with default password
3. Click on the User Actions icon in top left part of the screen and "My Settings" modal window shows up
4. Type in a password of length 8 into both password fields in the "My Settings" screen
5. Click Save
6. Click on the User Actions icon again and click Logout
7. Try to log in using the new password

Actual results:
New password is not accepted, the error message "The username or password you entered is incorrect" is shown. User is unable to log in again because neither password works.

Expected results:
My Settings form does the validation of password length consistent with password length requirements. Login screen doesn't do the validation of password length. User is able to log in using the validated password.

Additional info:
Marking as blocker? because this could lock a user out of RHGS WA, without any documented way to recover.
Version-Release number of selected component (if applicable): tendrl-ui-1.6.3-8.el7rhgs.noarch
This seems to be a consequence of a broken fix of BZ 1594994. Moreover, RHGS WA 3.3.1 doesn't check the length of the password in the login screen.
QE team will validate this issue strictly based on the Expected results sections in this bug report.
Attaching to the tracker, as all 3 acks are present.
@mbukatov Can you please confirm that this issue is the same as the comment mentioned at https://bugzilla.redhat.com/show_bug.cgi?id=1594994#c29.
We have fixed the issue, so now the user will not be able to update his account with an 8-character password.

Also, the modal we have used is the angular-patternfly modal (https://www.patternfly.org/angular-patternfly/#/api/patternfly.modals.componenet:pfModalOverlay). There is an issue inside this component: it doesn't respond properly to custom validations. It closes the modal even if the UI is disallowing it (by setting the required flags in case of invalid input for fields) once the user clicks the Save button. For example, if we provide mismatched passwords and then click on Save, it will still close the modal, though the Ajax call is not sent as the passwords are mismatched. But this user experience can confuse the user. A bug has been reported on angular-patternfly, patternfly/angular-patternfly#755, for the same.

To make it work we have done a workaround: now we are showing a notification (instead of an error message) in the right corner of the view (even if the modal gets closed) with a proper error message (which will help the user to identify the issue). So in case of mismatched passwords, the user can see the notification saying "Failed to update profile. Password and Confirm Password doesn't match."

@mbukatov please take this workaround into account and confirm.
@kmurarka As per Ju's comment - https://bugzilla.redhat.com/show_bug.cgi?id=1612150#c7, the error message to be shown for mismatched passwords will be "Your password and confirmation password do not match. Go to My Settings to reset your password."
My Settings form doesn't allow a password of length 8 anymore. If I set up a password of length 8 using an Ansible playbook, I'm able to log in to WA using this password.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2616