search

mozilla-iam / auth0-custom-lock

Front-end for the newly refreshed auth0 “Lock” interface: the New Login Experience (NLX)
Mozilla Public License 2.0
8 stars 15 forks source link

Password entry type data is sent when LastPass automatically fill wrong password-> login is not successful #240

Open rleitan opened 6 years ago

rleitan commented 6 years ago

[Prerequisites]: Install LastPass and save an email address +password

[Steps to reproduce]: 1.Open sso.allizom.org 2.Enter a valid LDAP email address ( different from the one saved in LastPass) 3.The password field is automatically filled with a wrong password (saved in LastPass for another account) -> click Enter 4.Enter the valid password for the account entered in step 2

[Expected result]: Step3: Wrong Email or Password message displayed Password entry - Machine Step 4: Successful login Password entry - Human Should be sent info about password entry type only when the login is successful

[Actual result]: Step3: Wrong Email or Password message displayed Password entry - Machine Step 4: No data sent about password entry type when login is successful

[Note]: This is a LastPass issue which affects the password entry data sent

hidde commented 5 years ago

This is correct, we only look at password entry type at the first time, so that we're not counting the same user twice. I realise we can't really avoid that anyway, but at least in this case we try.