• By which component is the password truncated on account-creation? Imo, the web UI shouldn’t do that without at least warning the user. Such long passwords might be a corner-case, but if the UI changes the password in any way before submitting it to the server, I think the user should see a big fat red notification. What if an account was created using a different client? The user wouldn’t be able to log in using the web-ui because the web-ui refuses to send the unmodified password?

    If the password is truncated server-side during account creation, the server should do the same during login, the UI or client wouldn’t even have to know about it.

    • @chaorace
      link
      11 year ago

      I agree that it’s stupid and needs to be changed.

      In any case, this is a lemmy UI thing, though the backend isn’t helping when it reports a generic bad password error instead of notifying the client that the provided password was technically impossible:

      • Issue regarding the ui silently truncating the password: lemmy-ui/#1120
      • Issue regarding the backend error issue: lemmy/#3284