[NXP-32928] Fix being able to create user with empty password - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: In Progress
Priority: Minor
Resolution: Unresolved
Affects Version/s: 2021.0, 2023.0
Fix Version/s: 2021.x, 2023.x, 2025.x
Component/s: Rest API

Tags:
- SupCom
- nxplatform
Backlog priority:
600
Sprint:
nxplatform #124
Story Points:
3

Description

When using the user endpoint to create a user, you are able to specify an empty password.

curl -X POST http://localhost:8080/nuxeo/api/v1/user \
-H 'Content-Type: application/json' \
-u Administrator:Administrator \
-d '{
    "entity-type":"user", "properties":{"username":"testUser", "password":""}
}'

Password should probably follow the regex defined in the user password pattern.

Attachments

Activity

People

Assignee:

Antoine Taillefer

Reporter:

Nicole Peacock

Participants:

Antoine Taillefer, Nicole Peacock

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2024-10-08 16:35

Updated:

2024-10-24 14:54