Steps to reproduce
- Copy password out of word document/email/password manager etc., catch by accident a blank space in the end
- Paste password in the password input field of the nextcloud server
- Login fails
Expected behaviour
The login mask should trim away the blank spaces at the end and the beginning.
Actual behaviour
Blanks are not trimmed, therefore the login fails.
Comment
Actually I am not sure if this is a bug or a feature. In my opinion it would make sense to trim the blank spaces in the beginning and the end of a password to avoid failed logins which are only caused by copy/paste-issues. It seems like others (for example Google) are trimming passwords and there are some good reasons to do so.
errotu
All 7 comments
I think it's better to show the user a message like "whitespace is not supported in passwords", when the password field contains a whitespace.
So the user sees what he has done wrong. Maybe there are some users who try to use a white space in a password... who knows^^
BornToBeRoot
on 7 Aug 2017
Why would you not support whitespaces in passwords? Use a sentence instead of the usual gibberish "one number, one special character, ..." and your password is easy to remember/type and safe!
enaut
on 9 Aug 2017
Spaces in passwords are a Good Thing. But spaces at the _end_ (and maybe the beginning) of a password might be problematic.
The issue is if someone has intentionally added a space at the end of their password, and the behavior here is changed - then they can never log in again.
So if this is changed, it should issue a warning, and also make sure that spaces are stripped from any field where you can set a new password.
If you are using some kind of external auth (LDAP, PAM etc.), you might be in trouble though...
Not sure if it is feasible, but maybe this could be solved by some extra code like
- Try to log in with the supplied password
- If it fails - check if the typed password had any spaces before or after
- Try again with leading and trailing spaces stripped away
But this might get way to complicated...
Olen
on 10 Aug 2017
I like the "auto-fix the password" idea. It will prevent failed logins due to leading / trailing spaces and allows the users with intentional whitespace at the beginning / end of the password to login.
DBX12
on 10 Nov 2017
The same seems to be true for the username. It's really annoying if you can't figure out why the login fails when the password is correct and the username _looks_ correct but has a space at the end. I would support some "auto-fix" mechanism as well or at least a warning for the username.
AnianZ
on 23 Jul 2018
If you copy paste your password form a text document it might be time to switch to a proper password manager.
We can't solve everything and just randomly removing whitespace or trying several versions of the password is not the way to go.
rullzer
on 5 Mar 2019
you're right, but there is a usecase where blanks and "-"/"_" become unhandy -> share_by_mail
I will make a pullrequest for this issue soon
aignerat
on 27 Sep 2019
Related issues
jancborchardt
路
3Comments
mfechner
路
3Comments
blackcrack
路
3Comments
j-ed
路
3Comments
arno01
路
3Comments
Most helpful comment
Spaces in passwords are a Good Thing. But spaces at the _end_ (and maybe the beginning) of a password might be problematic.
The issue is if someone has intentionally added a space at the end of their password, and the behavior here is changed - then they can never log in again.
So if this is changed, it should issue a warning, and also make sure that spaces are stripped from any field where you can set a new password.
If you are using some kind of external auth (LDAP, PAM etc.), you might be in trouble though...
Not sure if it is feasible, but maybe this could be solved by some extra code like
But this might get way to complicated...