Minimum password length + Static Pages fixes (was #11474) (#11506)

* Revert "Revert "Minimum password length + Static Pages fixes (#11474)"" This reverts commit d1afbf4b92. * add min length for reset password
2025-12-16 14:17:22 +01:00 · 2019-12-18 19:02:15 +01:00
parent fb1ea935e6
commit e4edab2b9d
14 changed files with 293 additions and 86 deletions
--- a/test/api/v3/integration/user/auth/POST-auth_reset-password-set-new-one.js
+++ b/test/api/v3/integration/user/auth/POST-auth_reset-password-set-new-one.js
@@ -189,6 +189,28 @@ describe('POST /user/auth/reset-password-set-new-one', () => {
    });
  });

+  it('renders the error page if the password is too short', async () => {
+    const user = await generateUser();
+
+    const code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({ days: 1 }),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    await expect(api.post(`${endpoint}`, {
+      newPassword: 'short',
+      confirmPassword: 'short',
+      code,
+    })).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
  it('renders the success page and save the user', async () => {
    const user = await generateUser();

--- a/test/api/v3/integration/user/auth/POST-register_local.test.js
+++ b/test/api/v3/integration/user/auth/POST-register_local.test.js
@@ -326,6 +326,24 @@ describe('POST /user/auth/local/register', () => {
      });
    });

+    it('requires minimum length for the password', async () => {
+      const username = generateRandomUserName();
+      const email = `${username}@example.com`;
+      const password = '1234567';
+      const confirmPassword = '1234567';
+
+      await expect(api.post('/user/auth/local/register', {
+        username,
+        email,
+        password,
+        confirmPassword,
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('invalidReqParams'),
+      });
+    });
+
    it('requires a username', async () => {
      const email = `${generateRandomUserName()}@example.com`;
      const password = 'password';
--- a/test/api/v3/integration/user/auth/PUT-user_update_password.test.js
+++ b/test/api/v3/integration/user/auth/PUT-user_update_password.test.js
@@ -82,6 +82,20 @@ describe('PUT /user/auth/update-password', async () => {
    });
  });

+  it('returns an error when newPassword is too short', async () => {
+    const body = {
+      password,
+      newPassword: '1234567',
+      confirmPassword: '1234567',
+    };
+
+    await expect(user.put(ENDPOINT, body)).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
  it('returns an error when confirmPassword is missing', async () => {
    const body = {
      password,