Closed mjdyson closed 7 months ago
It looks like the android/ios app is truncating passwords down to 25 characters. Sending the full password to their API results in a 400 error, but after removing characters from the end until it reaches 25 characters... it lets you log in. 🤮 As gross as this is, I can update the login function to do the same.
I also like make long random passwords, though I usually stop at 24 characters as that seems to be the average max password length for a lot of applications. Any longer, and I would have run into this disgusting issue myself . 🥲
Yuck.
In times like these it makes me hope they're not storing passwords in plain text.
Alternatively, could you relay a different error message back to the user when passwords exceed 25 char? Rather than hack it into shape.
E.g. "AC Infinity does not store passwords longer than 25 characters. Please check with their website and reduce length accordingly".
M
Hello,
Since I use a password manager to generate unique passwords, I tend to go a little long on the password length front. When the password was set to 32 characters (assuming symbols, numbers, upper/lower case is all permitted) the log-in flow would display an error "invalid login details", or similar response.
My first thought was that it could be due to symbols not being handled properly. This didnt fix it. However, shrinking my password down to 24 characters, the log-in flow worked.
Is this a bug that can be fixed, or guidance added to the install guide?
(as a side note, the ac infinity android app doesnt support wifi passwords above a certain length either)