Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.2.0
-
None
-
None
Description
Take the following params:
email=brandontest2@mydomain.com
name=Test
password=x
If I attempt to create a user account with a password that doesn't meet complexity requirements, the following error is returned:
{ "error": "error_password_policy_violation", "timestamp": 1488401172596, "duration": 0, "error_description": "error_length_policy: must be at least 4 characters " }
That's expected and good!
The problem is that the user account is created anyway, either without a password entirely, or worse, with the weak password.