GNOME Bugzilla – Bug 700333
All passwords are 'not good enough' if the username field is empty
Last modified: 2017-06-01 08:31:57 UTC
On the 'create a user' step of g-i-s, if you enter a password before entering a username, your password always shows as 'not good enough' (or 'too short'), no matter how good it is. If you leave a 'good' password entered and type anything into the 'username' field, the password 'magically' becomes good. gnome-initial-setup-0.10-1.fc19.x86_64
Make password entry insensitive if there's not a valid user name?
Created attachment 246193
account: Update password hints based on username changes

- Username changes update the password hint as passwords which contain parts of the username need to be re-validated.
- Fix leak of the username.
- Make sure that the validation state is reset so that the previous hint doesn't continue to be displayed.
Review of attachment 246193 [details] [review]: This contains a bunch of random unrelated changes. Can you split some of these out? ::: gnome-initial-setup/pages/account/gis-account-page.c @@ +353,3 @@ + if (strlen (username) == 0) { + g_free (username); + username = NULL; I'm confused. Is this implying that pw_strength treats a NULL username differently from a zero-length one? That seems like a libpwquality bug to me. @@ +372,3 @@ + clear_entry_validation_error (GTK_ENTRY (password_entry)); + + if (strength < 0.5) Why was this changed?
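Review bot: the `strlen (username) == 0` test that opens the +353 hunk dereferences `username` with no NULL check visible in these lines, so a NULL value would crash before the normalization to NULL ever runs. Testing `username != NULL && username[0] == '\0'` covers both cases without walking the string, and a one-line comment saying why an empty name is turned into NULL would answer the question this block raises for the next reader.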
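Review bot: the bare `0.5` in `if (strength < 0.5)` at the end of the +372 hunk is an unexplained threshold, and neither the visible lines nor the commit message say why it belongs in a change about username updates. Either move it to its own patch with a rationale, or give the value a named constant and a comment so the cut-off can be reviewed on its own terms.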
(In reply to comment #3) > Review of attachment 246193 [details] [review]: > > This contains a bunch of random unrelated changes. Can you split some of these > out? > > ::: gnome-initial-setup/pages/account/gis-account-page.c > @@ +353,3 @@ > + if (strlen (username) == 0) { > + g_free (username); > + username = NULL; > > I'm confused. Is this implying that pw_strength treats a NULL username > differently from a zero-length one? That seems like a libpwquality bug to me. > Yes, in pwquality it only checks for NULL and not 0 length. So the null terminator gets matched (I think) and the user gets "Password contains Username" etc libpwquality / check.c:498 > @@ +372,3 @@ > + clear_entry_validation_error (GTK_ENTRY (password_entry)); > + > + if (strength < 0.5) > > Why was this changed? Can't remember any more, I'll pull it out.
(In reply to comment #4) > Yes, in pwquality it only checks for NULL and not 0 length. So the null > terminator gets matched (I think) and the user gets "Password contains > Username" etc > > libpwquality / check.c:498 Yeah, that seems like libpwquality's fault.
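The NULL-versus-empty distinction discussed in the comments above, as an added example that is not part of the original thread and is not libpwquality or gnome-initial-setup code. The function names and sample strings are constructed for illustration; the substring match via `strstr()` is an assumption about how such a check might be written.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical checker: rejects a password that contains the user name.
 * It guards only against NULL, the behaviour described in the thread.
 * password is assumed to be non-NULL. */
static int contains_user_null_only(const char *password, const char *user)
{
    if (user == NULL)
        return 0;
    /* strstr() with an empty needle returns the haystack itself, so an
     * empty user name "matches" every password. */
    return strstr(password, user) != NULL;
}

/* Same check, with the empty string treated as "no user name". */
static int contains_user_checked(const char *password, const char *user)
{
    if (user == NULL || user[0] == '\0')
        return 0;
    return strstr(password, user) != NULL;
}

/* Caller-side workaround in the spirit of the attached patch: map an empty
 * entry to NULL before handing it to a checker that only tests for NULL. */
static const char *normalize_user(const char *user)
{
    return (user != NULL && user[0] != '\0') ? user : NULL;
}

int main(void)
{
    const char *pw = "Xk9#vLq2!m"; /* constructed sample password */

    printf("NULL-only guard, empty user:      %d\n",
           contains_user_null_only(pw, ""));
    printf("empty-aware guard, empty user:    %d\n",
           contains_user_checked(pw, ""));
    printf("NULL-only guard, normalized user: %d\n",
           contains_user_null_only(pw, normalize_user("")));
    return 0;
}
```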
Will wait on: https://fedorahosted.org/libpwquality/ticket/1
We need this fixed for downstream PDQ, as in, within the next week or so. Waiting on upstream libpwquality changes may not be practical for Fedora. We can always carry a downstream patch if necessary, but just highlighting the urgency.
Er, oh wait, that's a different issue. This one isn't so serious. Never mind.
(In reply to comment #6) > Will wait on: https://fedorahosted.org/libpwquality/ticket/1 Filed also at: https://bugzilla.redhat.com/show_bug.cgi?id=980968
It has been fixed in libpwquality: https://bugzilla.redhat.com/show_bug.cgi?id=980968
Not fixed yet; this wasn't just a libpwquality issue.
Username and password are set on two different pages, so this should not be an issue currently...