KennethTrecy / peratorakka_server

Server for any Peratorakka client to manage and track personal wealth
https://site--server--xtzwjgsybx5v.code.run
MIT License

Failed registration secretly registers the user #13

Closed KennethTrecy closed 11 months ago

KennethTrecy commented 11 months ago

Describe the bug

I observed that registration, when the password was too common, bypasses the validation and force-registers the user.

To Reproduce

Steps to reproduce the behavior:

  1. Use any client.
  2. Attempt to register with a common password.
  3. Visit the log in page and try the failed credentials.
  4. Expect being logged in, concluding the user was registered.

Expected behavior

Invalid credentials must not be registered, as this would mean a security issue.

Additional context

After logging in, access tokens are sometimes included in the response.
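
The reproduction steps above, written as a regression check (an added example, not code from the peratorakka_server repository). The `Registry` class, its `validate_first` switch, the sample password list and the test address are hypothetical, and the write-before-validate ordering is only an assumed cause, since the issue does not state one.

```python
import hashlib
import hmac
import os

COMMON_PASSWORDS = {"password", "123456", "qwerty"}  # constructed sample list


class ValidationError(Exception):
    pass


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Registry:
    """Hypothetical in-memory account store standing in for the server."""

    def __init__(self, validate_first):
        self.validate_first = validate_first
        self.users = {}

    def _check(self, password):
        if len(password) < 8 or password.lower() in COMMON_PASSWORDS:
            raise ValidationError("password too common")

    def register(self, email, password):
        if self.validate_first:
            self._check(password)  # reject before anything is stored
        salt = os.urandom(16)
        self.users[email] = (salt, _hash(password, salt))
        if not self.validate_first:
            self._check(password)  # assumed flaw: error raised after the write

    def login(self, email, password):
        record = self.users.get(email)
        if record is None:
            return False
        salt, digest = record
        return hmac.compare_digest(digest, _hash(password, salt))


def failed_registration_leaves_account(registry):
    """Follow the issue's steps; True means the rejected credentials log in."""
    try:
        registry.register("user@example.test", "password")
    except ValidationError:
        pass  # step 2: the client sees a failed registration
    else:
        raise AssertionError("common password was accepted outright")
    return registry.login("user@example.test", "password")  # step 3
```

A check of this shape belongs next to the registration endpoint's tests: a rejected registration must leave no stored account and no usable credentials.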