Currently, when a user changes their password (via reset password form or email change password link) and it doesn't meet the password policy, no error is shown and they're redirected as if it was successful. User then cannot login.
Expected behavior is that, if the policy isn't met, the user should be redirected to the same password change page with an error message displayed. This issue leads to users being locked out of their accounts without any warning or notification of what went wrong.
Steps to Reproduce:
Reset or change password with a password that doesn't meet policy.
ancailliau
commented
1 year ago
Currently, when a user changes their password (via reset password form or email change password link) and it doesn't meet the password policy, no error is shown and they're redirected as if it was successful. User then cannot login.
Expected behavior is that, if the policy isn't met, the user should be redirected to the same password change page with an error message displayed. This issue leads to users being locked out of their accounts without any warning or notification of what went wrong.
Steps to Reproduce: