Client-side password validation is inaccurate
NielsPilgaard opened this issue · 4 comments
NielsPilgaard commented
At the moment, client-side validation checks whether the password given when creating a user is between 6 and 32 characters, and fails if it is not.
However the password is required to contain at least:
- 1 upper-case letter
- 1 lower-case letter
- 1 digit
- 1 non-alphanumeric character
So client-side validation can pass without the password being valid.
I'm submitting a PR shortly to fix this.
davidfowl commented
I don't want to rewrite this if the rules change 😄
NielsPilgaard commented
I'll make sure to maintain it 😁
davidfowl commented
davidfowl commented
Fixed