Username and password are not validated on PATCH
Closed this issue · 0 comments
jackodsteel commented
Username and password constraints are not checked in PATCH, so users can set their username or password to a single digit.
Luckily the username is enforced unique at the DB level so you can't overwrite users or do anything too silly.