Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.2.0
-
None
-
None
Description
Take the following params:
email=brandontest2@mydomain.com
name=Test
password=x
If I attempt to create a user account with a password that doesn't meet complexity requirements, the following error is returned:
{
"error": "error_password_policy_violation",
"timestamp": 1488401172596,
"duration": 0,
"error_description": "error_length_policy: must be at least 4 characters "
}
That's expected and good!
The problem is that the user account is created anyway, either without a password entirely, or worse, with the weak password.