[arch-general] Can't login to flyspray
My account exists and I've even reset my password, just in case. But still can't login. Could someone please have a look at it? E-mail is the same I'm posting from and username is the local part.
On Fri, 16 Apr 2021 18:28:31 +0200 Markus Schaaf via arch-general <arch-general@lists.archlinux.org> wrote:
My account exists and I've even reset my password, just in case. But still can't login. Could someone please have a look at it? E-mail is the same I'm posting from and username is the local part.
Is your password really long? There's an issue with flyspray and passwords over a certain number of chars (24? I don't really remember). Account is not disabled and email is correct.
On April 16, 2021 13:45, Doug Newgard via arch-general wrote:
On Fri, 16 Apr 2021 18:28:31 +0200 Markus Schaaf via arch-general <arch-general@lists.archlinux.org> wrote:
My account exists and I've even reset my password, just in case. But still can't login. Could someone please have a look at it? E-mail is the same I'm posting from and username is the local part.
Is your password really long? There's an issue with flyspray and passwords over a certain number of chars (24? I don't really remember).
Account is not disabled and email is correct.
My password is bigger than 24 chars and I don't have any issues. However, it's alphanum only, no spaces and no special characters. Regards, Giancarlo Razzolini
On Fri, 16 Apr 2021 13:54:37 -0300 Giancarlo Razzolini via arch-general <arch-general@lists.archlinux.org> wrote:
On April 16, 2021 13:45, Doug Newgard via arch-general wrote:
On Fri, 16 Apr 2021 18:28:31 +0200 Markus Schaaf via arch-general <arch-general@lists.archlinux.org> wrote:
My account exists and I've even reset my password, just in case. But still can't login. Could someone please have a look at it? E-mail is the same I'm posting from and username is the local part.
Is your password really long? There's an issue with flyspray and passwords over a certain number of chars (24? I don't really remember).
Account is not disabled and email is correct.
My password is bigger than 24 chars and I don't have any issues. However, it's alphanum only, no spaces and no special characters.
Regards, Giancarlo Razzolini
That's why I said I didn't really remember what the limit is. Looks like it's 30. https://bugs.archlinux.org/task/39816
On April 16, 2021 14:01, Doug Newgard wrote:
That's why I said I didn't really remember what the limit is. Looks like it's 30. https://bugs.archlinux.org/task/39816
My password is bigger than 50 too =D. I think it might be more related to having special chars on it, than the actual size.
On 16.04.21 at 20:02, Giancarlo Razzolini via arch-general wrote:
My password is bigger than 50 too =D. I think it might be more related to having special chars on it, than the actual size.
Now it works for me. Could have been my browser autocompleting the user-name. Or something else. Maybe some caching after resetting the password. BR
Can't help but think that if there is a length limit to a password it is plaintext in the database.
On Fri, Apr 16, 2021 at 11:21 AM Markus Schaaf via arch-general <arch-general@lists.archlinux.org> wrote:
On 16.04.21 at 20:02, Giancarlo Razzolini via arch-general wrote:
My password is bigger than 50 too =D. I think it might be more related to having special chars on it, than the actual size.
Now it works for me. Could have been my browser autocompleting the user-name. Or something else. Maybe some caching after resetting the password.
BR
On 16.04.21 at 20:31, Justin Capella via arch-general wrote:
Can't help but think that if there is a length limit to a password it is plaintext in the database.
Good catch, but no: https://github.com/Flyspray/flyspray/blob/master/scripts/authenticate.php
Latest commit 1528f9d on 2 Sep 2019
# upgrade from unsalted md5 or unsalted sha1 or unsalted sha512 to better
if($conf['general']['passwdcrypt']=='argon2i'){
    $newhash=password_hash($password, PASSWORD_ARGON2I);
}else{
    $cryptoptions=array('cost'=>12);
    $newhash=password_hash($password, PASSWORD_BCRYPT, $cryptoptions);
}
# save the new hash
$db->query("UPDATE {users} SET user_pass=? WHERE user_id=?", array($newhash, $user_id));
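An added example, not part of the thread and not Flyspray's own code: a self-contained sketch of the upgrade-on-login pattern the quoted snippet belongs to, showing that the stored value has a fixed length whatever the password length. The function names, the in-memory `$users` array and the detection of legacy digests by hex length are assumptions made for illustration.

```php
<?php
// Added illustration; the function names and the in-memory $users array are
// hypothetical and stand in for a real database layer.

// Recognise a legacy unsalted hex digest by its length (assumed detection rule):
// md5 = 32, sha1 = 40, sha512 = 128 hex characters.
function legacy_algo(string $stored): ?string {
    if (!ctype_xdigit($stored)) {
        return null;
    }
    $byLength = [32 => 'md5', 40 => 'sha1', 128 => 'sha512'];
    return $byLength[strlen($stored)] ?? null;
}

// Verify a login and return the hash that should be stored afterwards,
// or null when the password is wrong.
function verify_and_upgrade(string $password, string $stored): ?string {
    $options = ['cost' => 12];
    $algo = legacy_algo($stored);
    if ($algo !== null) {
        // Legacy path: constant-time compare against the unsalted digest.
        if (!hash_equals(strtolower($stored), hash($algo, $password))) {
            return null;
        }
        // Correct password: replace the weak digest with a salted bcrypt hash.
        return password_hash($password, PASSWORD_BCRYPT, $options);
    }
    if (!password_verify($password, $stored)) {
        return null;
    }
    // Already a modern hash: re-hash only if the cost setting has changed.
    return password_needs_rehash($stored, PASSWORD_BCRYPT, $options)
        ? password_hash($password, PASSWORD_BCRYPT, $options)
        : $stored;
}

// Constructed sample data: one account still stored as unsalted md5.
$password = 'a long passphrase well over thirty characters';
$users = ['alice' => md5($password)];

$new = verify_and_upgrade($password, $users['alice']);
$users['alice'] = $new;
var_dump(strlen($new));                                  // length of the stored bcrypt string
var_dump(verify_and_upgrade($password, $new) === $new);  // second login keeps the same hash
var_dump(verify_and_upgrade('wrong', $new));             // wrong password is rejected
```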
participants (4)
- Doug Newgard
- Giancarlo Razzolini
- Justin Capella
- Markus Schaaf