Description: When a password update is attempted with a value that does not meet the requirements specified in Personal_Account_page+requirements, the system returns an error message that is inconsistent with the documentation. The error message should state the password requirements clearly; instead it returns a regular expression, which is hard for end-users to understand.
Preconditions:
User must be registered and authenticated.
Steps to Reproduce:
Execute the following curl command to attempt updating the user password:
    curl --location --request PATCH 'http://0.0.0.0:8083/api/v1/users' \
      --header 'Content-Type: application/json' \
      --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJpY2VkbGF0ZS50ZXN0QGdtYWlsLmNvbSIsImlhdCI6MTcwOTgzNTE5NiwiZXhwIjoxNzA5ODM1NDM2fQ.UNpNvUOVNLNWsx60okbKTi6UM_CmRWsaGm8f_oWbNoY' \
      --data '{"newPassword": "","oldPassword": "password12345"}'
Observe the response.
Expected Result:
The system should reject the request because the "newPassword" field is empty.
HTTP status code 400 (Bad Request) should be returned.
Error message should clearly state: { "message": "Password is the mandatory attribute" }.
Actual Result:
The "newPassword" field is correctly rejected for not meeting the requirement.
HTTP status code 400 is returned.
The error message provided is unclear and technical: "message": "[{ ErrorMessage: must match \"^(?=.[A-Za-z])(?=.\d)[A-Za-z\d@$!%*?&]{8,}$\" }]".
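One way the expected behaviour could be implemented, as an added sketch that is not the project's code: the function name validate_new_password and the empty success body are hypothetical, and the individual rules are assumptions read off the character class and length bound in the reported pattern. The empty-field wording is taken from the Expected Result above.

```python
import re

# Assumed rules, inferred from the character class and {8,} in the reported
# pattern; the authoritative list is the project's requirements page.
ALLOWED = re.compile(r"[A-Za-z0-9@$!%*?&]*")
RULES = [
    (lambda p: len(p) >= 8,
     "Password must be at least 8 characters long"),
    (lambda p: re.search(r"[A-Za-z]", p),
     "Password must contain at least one letter"),
    (lambda p: re.search(r"[0-9]", p),
     "Password must contain at least one digit"),
    (lambda p: ALLOWED.fullmatch(p),
     "Password may contain only letters, digits and @$!%*?&"),
]
MANDATORY = "Password is the mandatory attribute"  # wording from Expected Result


def validate_new_password(body):
    """Return (http_status, response_body) for a PATCH /api/v1/users payload."""
    new_password = body.get("newPassword")
    # A missing, non-string or empty value is reported as "mandatory",
    # not as a pattern mismatch.
    if not isinstance(new_password, str) or new_password == "":
        return 400, {"message": MANDATORY}
    failures = [text for check, text in RULES if not check(new_password)]
    if failures:
        # Name the rules that failed; never echo the regex or the
        # submitted value back to the client.
        return 400, {"message": "; ".join(failures)}
    return 200, {}  # success body is outside the scope of this report


if __name__ == "__main__":
    # Constructed payloads; the first mirrors the request in Steps to Reproduce.
    for payload in ({"newPassword": "", "oldPassword": "password12345"},
                    {"newPassword": "short1"},
                    {"newPassword": "password12345"}):
        print(validate_new_password(payload))
```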