Note: keeping bug public so customer can follow. Description of problem: URL: https://www.redhat.com/wapps/ugc/register.html - if user checks of the Red Hat contact authorization checkboxes on this form, if they are flipped back to choose another account name these checkbox selections are lost. these selections should be persistent when the username and/or password is rejected. - password rejection message does not state the allowed/disallowed characters nor the character max length limit. password rules seem strange as some non numeric non letter characters are accepted but others are not. recommend that we are more lenient in allowing these types of characters in passwords as it increases potential security. From customer: "When filling out the new account form for "personal" accounts I'm sure I like everyone else who tries had it fail due to the account name I chose being already taken and it flips me back to try again. This happened over and over and over, as it must for most people. "One thing I think could be better here is that while I checked the box to have email from redhat sent to me that did not stick when I was returned to try again so I had to reclick that every time. "The password was another problem. That was also rejected (too good I'm sure). :) If I enterred a password that was too short I got a nice little message telling me it had to be at least 6 characters long. If I entered one that long or longer that was rejected as invalid I was given no clue as to why or what characters were allowed or not. I'm guessing '<' was not a valid character but it would have been easier to figure out if there were a little popup or something that just explained the rules for passwords. I still find it weird that '<' seems bad but ':' seems good.
Committed revision 17785. (Checkbox fix)
Committed revision 17792. (Password fix) Added the following error message: Password must be ASCII and cannot contain the following special characters (") (<) (>) (space)
alphanumeric might be a better term to use than ASCII (jargony and I think there are a lot more exceptions than the 4 you noted if you use 'ASCII') I think in rhn for accounts for example we say must be alphanumeric and may contain the characters - _ ( ) [ ] or whatnot. just a suggestion.
Updated to ON_QA buy bugzillaupdater
verified on QA
Moving everything to ON_DEV to get revisited for the "true up" release.
We will reverify this for TRUUP.
The TRUUP release is officially wsd239.
Closed with the 8/14 release.