> What are the steps required to reproduce the bug?

When registering for your localhost Drupal admin account, do the following:

1) Create a 64 character password (e.g. using a password manager). Include symbols, such as $ and %, and numbers, lowercase and uppercase.
2) Sign out
3) Sign back in (using password manager, or at least a copy and paste to ensure you aren't entering the wrong password)

> What behaviour were you expecting?

I was expecting to be able to login.

> What happened instead?

I was told I had the wrong password. I tried creating a shorter password of 60 characters (as there seemed to be something about a 60 max password in another bug report). However, this also failed.

Comments

CatsFromStonehenge created an issue. See original summary.

CatsFromStonehenge’s picture

CatsFromStonehenge CreditAttribution: CatsFromStonehenge commented

Update:

When registering, I registered with an email address which was picked up by the password manager. It's sometimes confusing that usernames are sometimes emails, and sometimes they really are usernames and not emails. It would be useful if the email address could also be used when signing in.

cilefen’s picture

cilefen CreditAttribution: cilefen commented
Status: Active » Postponed (maintainer needs more info)
Issue tags: -password length, -passwords, -logging in, -signing in
Related issues: +#1777270: Write tests for: Users with passwords over 60 characters cannot log in via the user login block

Can we see if this is a duplicate?

Read the issue tag guidelines: https://www.drupal.org/node/1023102

Version: 8.4.x-dev » 8.5.x-dev

Drupal 8.4.0-alpha1 will be released the week of July 31, 2017, which means new developments and disruptive changes should now be targeted against the 8.5.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.5.x-dev » 8.6.x-dev

Drupal 8.5.0-alpha1 will be released the week of January 17, 2018, which means new developments and disruptive changes should now be targeted against the 8.6.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.6.x-dev » 8.7.x-dev

Drupal 8.6.0-alpha1 will be released the week of July 16, 2018, which means new developments and disruptive changes should now be targeted against the 8.7.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.7.x-dev » 8.8.x-dev

Drupal 8.7.0-alpha1 will be released the week of March 11, 2019, which means new developments and disruptive changes should now be targeted against the 8.8.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.8.x-dev » 8.9.x-dev

Drupal 8.8.0-alpha1 will be released the week of October 14th, 2019, which means new developments and disruptive changes should now be targeted against the 8.9.x-dev branch. (Any changes to 8.9.x will also be committed to 9.0.x in preparation for Drupal 9’s release, but some changes like significant feature additions will be deferred to 9.1.x.). For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.9.x-dev » 9.1.x-dev

Drupal 8.9.0-beta1 was released on March 20, 2020. 8.9.x is the final, long-term support (LTS) minor release of Drupal 8, which means new developments and disruptive changes should now be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

quietone’s picture

quietone CreditAttribution: quietone as a volunteer commented
Status: Postponed (maintainer needs more info) » Closed (cannot reproduce)
Issue tags: +Bug Smash Initiative

I never tried a really long password and discovered that 256 characters worked just fine. Then I looked at the code and found const PASSWORD_MAX_LENGTH = 512; and that that length is tested, in PasswordHashingTest.php

As part of the Bug smash initiative, we are triaging issues that are marked 'Postponed (maintainer needs more info)'. This issue is more than 12 months old and is not reproducible. As such I am marking it 'Closed (cannot reproduce)'.

If anyone believes this issue should not be closed, please provide specific steps to reproduce when reopening it.