[
https://issues.apache.org/jira/browse/USERGRID-1339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15939906#comment-15939906
]
Michael Russo commented on USERGRID-1339:
-----------------------------------------
The problem is here:
org/apache/usergrid/rest/applications/users/UsersResource.java:280
Basically the user password is set after the app user is created, since it's
possible to have an app user without a password. But yeah, this behavior is
wrong and needs to be cleaned up.
> When creating a user account with a password that fails validation check, the
> account is created anyway
> -------------------------------------------------------------------------------------------------------
>
> Key: USERGRID-1339
> URL: https://issues.apache.org/jira/browse/USERGRID-1339
> Project: Usergrid
> Issue Type: Bug
> Components: Stack
> Affects Versions: 2.2.0
> Reporter: Brandon Shelley
>
> Take the following params:
> [email protected]
> name=Test
> password=x
> If I attempt to create a user account with a password that doesn't meet
> complexity requirements, the following error is returned:
> {code}
> {
> "error": "error_password_policy_violation",
> "timestamp": 1488401172596,
> "duration": 0,
> "error_description": "error_length_policy: must be at least 4 characters "
> }
> {code}
> That's expected and good!
> The problem is that the user account is created anyway, either without a
> password entirely, or worse, with the weak password.
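The ordering flaw described in the comment above, as an added Java example that is not part of the original message or Usergrid's code: a create-then-set-password flow leaves the account behind when the policy check throws, while validating first does not. The class, method names and in-memory store are hypothetical; the 4-character minimum is taken from the error text in the report, and the leftover account is modelled as having no password.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; names are hypothetical and do not come from Usergrid.
public class CreateUserOrdering {
    static final int MIN_PASSWORD_LENGTH = 4; // from the error text in the report
    // Stand-in for the user store: username -> password (null = no password set).
    static final Map<String, String> store = new HashMap<>();

    static class PolicyViolation extends RuntimeException {
        PolicyViolation(String msg) { super(msg); }
    }

    // A null password is allowed (an app user may exist without one).
    static void checkPolicy(String password) {
        if (password != null && password.length() < MIN_PASSWORD_LENGTH) {
            throw new PolicyViolation("error_length_policy: must be at least "
                    + MIN_PASSWORD_LENGTH + " characters");
        }
    }

    // Ordering from the comment: the user is persisted first, the password is set afterwards.
    static void createThenSetPassword(String username, String password) {
        store.put(username, null);      // the account exists from this point on
        checkPolicy(password);          // throws: caller sees the error, account remains
        store.put(username, password);
    }

    // Corrected ordering: reject the request before anything is written.
    static void validateThenCreate(String username, String password) {
        checkPolicy(password);
        store.put(username, password);
    }

    public static void main(String[] args) {
        try { createThenSetPassword("test-a", "x"); }
        catch (PolicyViolation e) { System.out.println("create-then-set: " + e.getMessage()); }
        System.out.println("  account exists after error: " + store.containsKey("test-a"));

        try { validateThenCreate("test-b", "x"); }
        catch (PolicyViolation e) { System.out.println("validate-then-create: " + e.getMessage()); }
        System.out.println("  account exists after error: " + store.containsKey("test-b"));
    }
}
```

A regression test for the real endpoint would make the same two assertions: the request returns the policy error, and a follow-up lookup of the user finds nothing.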