Description: When updating a password, a new password that exceeds the maximum length of 128 characters specified in Personal_Account_page+requirements is incorrectly accepted and saved. This behavior contradicts the documented password length constraint, which should restrict passwords to a maximum of 128 characters.
Preconditions:
User must be registered and authenticated.
Steps to Reproduce:
Execute any of the following curl commands to attempt updating the user password:
1.1 password with length = 129:
curl --location --request PATCH 'http://0.0.0.0:8083/api/v1/users' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJpY2VkbGF0ZS50ZXN0QGdtYWlsLmNvbSIsImlhdCI6MTcwOTgyNjk2NywiZXhwIjoxNzA5ODI3MjA3fQ.ebcUbpALQg7Imh207aznezB9AsJYxj0KmijMBEz_9W8' \
  --data-raw '{ "newPassword": "@OUiDQK3BFZNSk3NLN4Sp%w@CNOa!7xP5B&cx7Gw9E6sXl@x4GwPRlyjErQEW8G9YbW@x5kUnS0sTeY0DwKTIFUZSxd$UETcblOxsDGaxHagIB7aWN0%G5o4CqQo*H%", "oldPassword": "password12345" }'
1.2 password with length = 130:
curl --location --request PATCH 'http://0.0.0.0:8083/api/v1/users' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJpY2VkbGF0ZS50ZXN0QGdtYWlsLmNvbSIsImlhdCI6MTcwOTgyNjk2NywiZXhwIjoxNzA5ODI3MjA3fQ.ebcUbpALQg7Imh207aznezB9AsJYxj0KmijMBEz_9W8' \
  --data-raw '{ "newPassword": "@OUiDQK3BFZNSk3NLN4Sp %w@CNOa!7xP5B&cx7Gw9E6sXl@x4GwPRlyjErQEW8G9YbW@x5kUnS0sTeY0DwKTIFUZSxd$UETcblOxsDGaxHagIB7aWN0%G5o4CqQo*H%9", "oldPassword": "password12345" }'
Expected Result:
The system should reject the "newPassword" if its length exceeds 128 characters.
An HTTP status code of 400 (Bad Request) should be returned.
The error message should clearly state: { "message": "Password should have a length between 8 and 128 characters" }.
Actual Result:
Passwords with lengths of 129 and 130 characters are incorrectly saved.
An HTTP status code of 200 (OK) is returned, indicating a successful operation contrary to expectations.
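An offline boundary-value check for the 8 to 128 character rule, added here as an example and not taken from the project's code. The two handler functions, the sample alphabet and the chosen test lengths (7, 8, 128, 129, 130) are assumptions; passwords are generated to an exact length instead of being counted by hand.

```python
# Added example: boundary-value regression check for the 8..128 rule.
# Handler names and the sample alphabet are hypothetical, not the project's code.
import itertools

MIN_LEN, MAX_LEN = 8, 128
ERROR_BODY = {"message": "Password should have a length between 8 and 128 characters"}
ALPHABET = "Aa1@Bb2%Cc3&"  # constructed sample characters


def make_password(length):
    """Build a password of exactly `length` characters."""
    return "".join(itertools.islice(itertools.cycle(ALPHABET), length))


def buggy_handler(payload):
    """Models the reported behaviour: no upper bound is enforced.
    Assumption: the lower bound of 8 is already checked."""
    if len(payload["newPassword"]) < MIN_LEN:
        return 400, ERROR_BODY
    return 200, {}


def fixed_handler(payload):
    """Models the expected behaviour: reject anything outside 8..128."""
    if not MIN_LEN <= len(payload["newPassword"]) <= MAX_LEN:
        return 400, ERROR_BODY
    return 200, {}


def run_boundary_suite(handler):
    """Return the lengths at which `handler` disagrees with the requirement."""
    failures = []
    for length in (7, 8, 128, 129, 130):
        expected = 200 if MIN_LEN <= length <= MAX_LEN else 400
        payload = {"newPassword": make_password(length),
                   "oldPassword": "password12345"}
        status, body = handler(payload)
        # A rejection must carry both the 400 status and the documented message.
        if status != expected or (expected == 400 and body != ERROR_BODY):
            failures.append(length)
    return failures


if __name__ == "__main__":
    print("buggy:", run_boundary_suite(buggy_handler))
    print("fixed:", run_boundary_suite(fixed_handler))
```

Replacing a handler with a function that sends the PATCH request to the API turns the same suite into a regression test for the fix.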