[Bug] Android side got a 500 error when loggingin with EXPERIMENTAL_RealPassword enabled

[enums]

Describe the bug

Android client cannot loging with a real password. I've tested the windows client & Android client on the same server. The windows client passed but the Android client failed with a 500. The two clients I used are both 2.8. And they can login successfully if I disable EXPERIMENTAL_RealPassword.

I checked the code and found the exception thrown at:

// `DefaultAuthenticators` # 116
cipher.doFinal(Utils.base64Decode(request.getPasswordRequest().password))

Then catched by #118 which set the not-decrypted password to decryptedPassword directly which caused the code failed at

// #156
BCrypt.verifyer().verify(decryptedPassword.toCharArray(), account.getPassword()).verified

There's no try-catch there so the endpoint thrown a 500 directly.

It looks like a passwd decryption issue and I don't have much domain knowledge to solve it. Could anyone help to take a look at this?

Which branch did you use? branch: development hash: 283a88196d3cf4d30c7212a07646fe6a52fec5f2

[MistakingManx]

I'm having this issue now on a Windows client "Server busy (500)