Password validation allows 7 characters, but the minimum requirement is 8 characters #18250

Closed
Carlos-kadu opened this issue Dec 18, 2024 · 11 comments · Fixed by #18273
Labels
authentication area: authentication, auth, google sign in, password, SAML, password reset, can't log in 🐛 bug Something isn't working

Comments

@Carlos-kadu

Issue Summary

The password validation allows a minimum of 7 characters, despite the requirement being 8 characters. This discrepancy leads to inconsistent behavior between the documented and actual system validation.

Steps to Reproduce

  1. Go to the user registration page.
  2. Enter a password with 7 characters.
  3. Submit the registration form.
  4. Alternatively, try to change your password to one with 7 characters and submit the change.

Actual Results

The system accepts passwords with 7 characters, which violates the documented minimum length of 8 characters.

Expected Results

The system should reject passwords that are shorter than 8 characters and display a validation error message.

Technical details

  • Browser version: Mozilla Firefox 133.0.3 (x64 pt-BR)

Evidence

This issue was identified through black-box testing, specifically using boundary value analysis. The test involved providing a password with 7 characters to check if the system correctly enforces the minimum length of 8 characters.

Submitting a form with a 6-character password
image
image

Submitting a form with a 7-character password
image
image

@Carlos-kadu Carlos-kadu added the 🐛 bug Something isn't working label Dec 18, 2024
@dosubot dosubot bot added the authentication area: authentication, auth, google sign in, password, SAML, password reset, can't log in label Dec 18, 2024
@retrogtx
Contributor

damn now that's some bug

@retrogtx
Contributor

image
upon trying to sign up, it asks for a minimum of seven characters

image
same on the password reset page

can you please tell me on which page did you get the "minimum of eight characters" in a password reset form?

@Durgesh-05

Yes, I've also checked on the Firefox browser, but there is no text about an 8-character password

@retrogtx
Contributor

so where is this occurring?

@Durgesh-05

we have to validate from the codebase whether they are accepting 7- or 8-character passwords

@retrogtx
Copy link
Contributor

retrogtx commented Dec 19, 2024

> we have to validate from the codebase whether they are accepting 7- or 8-character passwords

I did a simple search for "eight", but nothing popped up related to password in the codebase

the checks are for =>7

@Durgesh-05

Screenshot from 2024-12-19 13-07-10
This screenshot is from the codebase; it is a validator for passwords, and in it they are checking for a minimum 7-character password

@Carlos-kadu
Author

I believe this might be a translation error in the Portuguese (pt-BR) version. The screenshots have been translated into English. In Portuguese, the minimum is displayed as eight characters on the registration page (I wasn't able to access the registration page in English).
image

@retrogtx
Contributor

oh wow interesting

@retrogtx
Contributor

could you please verify this?

Mínimo de sete caracteres <= Minimum seven characters

I used google translate for this.

I believe the solution is to simply update the apps/web/public/static/locales/pt-BR/common.json.

@Carlos-kadu
Author

I verified the change. "Mínimo de sete caracteres" is correct.
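
A regression check for the mismatch this thread traced to the pt-BR locale file, as an added example that is not part of the issue or the project's code: it compares the minimum length each locale's hint states against the length the validator enforces. The key name `password_hint_min`, the sample bundles, the pre-fix pt-BR string and the number-word tables are constructed for illustration.

```javascript
// Added example. All names and data below are constructed for illustration.
const ENFORCED_MIN = 7; // the thread reports the validator checks for at least 7

// Hypothetical key name; the pt-BR value is an assumed pre-fix string.
const bundles = {
  en: { password_hint_min: "Minimum seven characters" },
  "pt-BR": { password_hint_min: "Mínimo de oito caracteres" },
};

// Small number-word tables so spelled-out minimums can be compared.
const NUMBER_WORDS = {
  en: { six: 6, seven: 7, eight: 8, nine: 9, ten: 10 },
  "pt-BR": { seis: 6, sete: 7, oito: 8, nove: 9, dez: 10 },
};

// Return the minimum a hint states, from digits or a number word, else null.
function statedMinimum(locale, text) {
  const digits = text.match(/\d+/);
  if (digits) return Number(digits[0]);
  const words = NUMBER_WORDS[locale] || {};
  for (const token of text.toLowerCase().split(/[^\p{L}]+/u)) {
    if (Object.prototype.hasOwnProperty.call(words, token)) return words[token];
  }
  return null;
}

// List every locale whose hint is missing, unparseable, or disagrees.
function findMismatches(allBundles, key, enforcedMin) {
  const problems = [];
  for (const [locale, strings] of Object.entries(allBundles)) {
    const text = strings[key];
    if (typeof text !== "string") {
      problems.push({ locale, problem: "missing" });
      continue;
    }
    const stated = statedMinimum(locale, text);
    if (stated === null) problems.push({ locale, problem: "unparsed", text });
    else if (stated !== enforcedMin) problems.push({ locale, problem: "mismatch", stated });
  }
  return problems;
}

console.log(findMismatches(bundles, "password_hint_min", ENFORCED_MIN));
```

Treating "unparsed" as a failure rather than a pass keeps a locale without a number-word table from silently skipping the check.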
