(cache)(bug): Limited password validation on forgot password (#560) · Issues · Minds / Minds Backend - Engine · GitLab

(bug): Limited password validation on forgot password

Summary

When you forget your password, the password strength enforcement is different. Characters like @ are not allowed, but all lower case with no numbers and symbols is.

Steps to reproduce

Log out
Click on forgot my password on login form
follow instructions
try an all lower case password with an @
try removing the @

Platform information

Very likely cross-platform but reproduced on S7 edge.

What is the current bug behavior?

Weak passwords are allowed.

What is the expected correct behavior?

Weak passwords should not be allowed.

Relevant logs and/or screenshots

(Paste any relevant logs - please use code blocks (```) to format console output, logs, and code as it's very hard to read otherwise.)

Possible fixes

(If you can, link to the line of code that might be responsible for the problem)

Edited 1 month ago by Ben Hayward

Related merge requests

2

Ben Hayward @benhayward.ben added 1 - High P - Onboarding P - Platform T - Bug scoped labels 1 month ago

added 1 - High P - Onboarding P - Platform T - Bug scoped labels
Ben Hayward @benhayward.ben changed title from (high): Limited password validation on forgot password to (bug): Limited password validation on forgot password 1 month ago

changed title from (high): Limited password validation on forgot password to (bug): Limited password validation on forgot password
Ben Hayward @benhayward.ben assigned to @benhayward.ben 1 month ago

assigned to @benhayward.ben
Ben Hayward @benhayward.ben changed weight to 3 1 month ago

changed weight to 3
Ben Hayward @benhayward.ben changed milestone to %sprint: Hipster Hedgehog 1 month ago

changed milestone to %sprint: Hipster Hedgehog
Ben Hayward @benhayward.ben added S - InProgress scoped label 1 month ago

added S - InProgress scoped label
Ben Hayward @benhayward.ben added S - Review scoped label and automatically removed S - InProgress label 1 month ago

added S - Review scoped label and automatically removed S - InProgress label
Ben Hayward @benhayward.ben changed weight to 5 1 month ago

changed weight to 5
Ben Hayward @benhayward.ben changed milestone to %sprint: Hipster Hedgehog 1 month ago

changed milestone to %sprint: Hipster Hedgehog
Ben Hayward @benhayward.ben changed weight to 5 1 month ago

changed weight to 5
Ben Hayward @benhayward.ben moved from #513 (closed) 1 month ago

moved from #513 (closed)
Ben Hayward @benhayward.ben mentioned in merge request front!369 (closed) 1 month ago

mentioned in merge request front!369 (closed)
Mark Harding @markeharding automatically removed S - Review label 1 month ago

automatically removed S - Review label
Mark Harding @markeharding · 1 month ago

Owner

This is for the backend to restrict, not the frontend
Ben Hayward @benhayward.ben · 1 month ago

Developer

Good point, back-end is needed, my personal preference then would be to put front-end and back-end validation in, which allows us to handle incorrect passwords without throwing unneeded requests at the server.

That being said I'm sure you've considered that already, so I'll re-do this for the back-end this sprint.
Ben Hayward @benhayward.ben added S - InProgress scoped label 1 month ago

added S - InProgress scoped label
Ben Hayward @benhayward.ben changed milestone to %sprint: Hipster Hedgehog 1 month ago

changed milestone to %sprint: Hipster Hedgehog
Ben Hayward @benhayward.ben changed weight to 5 1 month ago

changed weight to 5
Ben Hayward @benhayward.ben moved from front#1442 (closed) 1 month ago

moved from front#1442 (closed)
Mark Harding @markeharding added Squad::Green scoped label 2 weeks ago

added Squad::Green scoped label
Ben Hayward @benhayward.ben mentioned in merge request !232 (merged) 1 week ago

mentioned in merge request !232 (merged)
Mark Harding @markeharding closed via merge request !232 (merged) 17 minutes ago

closed via merge request !232 (merged)
Mark Harding @markeharding mentioned in commit 83d701b4 17 minutes ago

mentioned in commit 83d701b4
You're only seeing other activity in the feed. To add a comment, switch to one of the following options.

Please register or sign in to reply