By which component is the password truncated on account-creation? Imo, the web UI shouldn’t do that without at least warning the user. Such long passwords might be a corner-case, but if the UI changes the password in any way before submitting it to the server, I think the user should see a big fat red notification. What if an account was created using a different client? The user wouldn’t be able to log in using the web-ui because the web-ui refuses to send the unmodified password?
If the password is truncated server-side during account creation, the server should do the same during login, the UI or client wouldn’t even have to know about it.
In any case, this is a lemmy UI thing, though the backend isn’t helping when it reports a generic bad password error instead of notifying the client that the provided password was technically impossible:
Issue regarding the ui silently truncating the password: lemmy-ui/#1120
Issue regarding the backend error issue: lemmy/#3284
By which component is the password truncated on account-creation? Imo, the web UI shouldn’t do that without at least warning the user. Such long passwords might be a corner-case, but if the UI changes the password in any way before submitting it to the server, I think the user should see a big fat red notification. What if an account was created using a different client? The user wouldn’t be able to log in using the web-ui because the web-ui refuses to send the unmodified password?
If the password is truncated server-side during account creation, the server should do the same during login, the UI or client wouldn’t even have to know about it.
I agree that it’s stupid and needs to be changed.
In any case, this is a lemmy UI thing, though the backend isn’t helping when it reports a generic bad password error instead of notifying the client that the provided password was technically impossible: