ichastevani / massive-project-aglonema


Password Validation Does Not Enforce All Security Requirements #1

Closed ichastevani closed 3 hours ago

ichastevani commented 3 hours ago

Password Validation Does Not Enforce All Security Requirements

Description

The password validation logic must ensure that users create passwords meeting the following security requirements. However, the current implementation either:

  1. Does not validate passwords correctly.
  2. Fails to display clear error messages for each unmet requirement.

Expected Behavior

When a user enters a password that does not meet the security requirements, the system should display the following error message, dynamically listing the unmet criteria:

Each requirement should be validated independently, and only unmet criteria should be displayed in the error message.


Actual Behavior


Steps to Reproduce

  1. Navigate to the registration or password change page.
  2. Enter a password that violates one or more of the requirements (e.g., only lowercase letters, less than 8 characters, etc.).
  3. Submit the form.

Acceptance Criteria

  1. Validation Logic:

    • A password must pass the following checks:
      • Minimum 8 characters.
      • At least one uppercase letter.
      • At least one lowercase letter.
      • At least one number.
      • At least one special character (!@#$%^&*).
  2. Error Message:

    • If the password does not meet any of the requirements, the error message must list the unmet criteria.
    • Example for an invalid password:
      Password must meet the following requirements:
      • At least 8 characters
      • An uppercase letter
  3. UI Behavior:

    • The error message should be displayed near the password input field in red text.
    • The message must update dynamically as the user corrects the input.
  4. Testing:

    • Automated and manual tests should verify that all requirements are enforced and error messages are displayed correctly.

Severity

High


Additional Notes

Please ensure this issue is reviewed and resolved promptly as it impacts the usability and security of the application.
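The acceptance criteria in the issue above, sketched as an added example; this is not code from this repository. The names `PASSWORD_RULES`, `unmetRequirements`, `passwordErrorMessage` and `attachValidation` are hypothetical, the wording of the last three rule labels is assumed (the issue shows only the first two), and accepting non-ASCII letters and counting length in code points are assumptions as well.

```javascript
// Added example: one independent rule per acceptance criterion.
// Labels after the first two are assumed wording, not taken from the issue.
const PASSWORD_RULES = [
  // Spread counts code points, so an emoji is one character, not two.
  { label: "At least 8 characters", test: (pw) => [...pw].length >= 8 },
  // Assumption: any Unicode upper/lowercase letter counts, not only A-Z/a-z.
  { label: "An uppercase letter", test: (pw) => /\p{Lu}/u.test(pw) },
  { label: "A lowercase letter", test: (pw) => /\p{Ll}/u.test(pw) },
  { label: "A number", test: (pw) => /[0-9]/.test(pw) },
  // Only the characters listed in the issue are accepted as "special".
  { label: "A special character (!@#$%^&*)", test: (pw) => /[!@#$%^&*]/.test(pw) },
];

// Returns the labels of every rule the password fails. Each rule is
// evaluated on its own, so one failure never hides another.
function unmetRequirements(password) {
  const pw = typeof password === "string" ? password : "";
  return PASSWORD_RULES.filter((rule) => !rule.test(pw)).map((rule) => rule.label);
}

// Builds the message in the format the issue shows; "" means valid.
function passwordErrorMessage(password) {
  const unmet = unmetRequirements(password);
  if (unmet.length === 0) return "";
  const header = "Password must meet the following requirements:";
  return [header, ...unmet.map((label) => `• ${label}`)].join("\n");
}

// Wires the check to a password field so the message updates on every
// keystroke and is shown in red, as the UI criteria ask. `input` and
// `errorEl` are the form's password field and the element next to it.
function attachValidation(input, errorEl) {
  errorEl.style.color = "red";
  input.addEventListener("input", () => {
    errorEl.textContent = passwordErrorMessage(input.value);
  });
}
// Client-side checks can be bypassed by posting to the endpoint directly,
// so the server must run unmetRequirements() (or its equivalent) again
// and reject the request when the list is not empty.
```

Because the rules live in one table, the same list can drive both the browser message and the server-side check, which keeps the two from drifting apart.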

ichastevani commented 2 hours ago

Evidence: Password Validation Implementation


Description

The password validation has been successfully implemented. It now enforces the following requirements:


Steps Verified

  1. Navigate to the registration form.
  2. Enter a password that violates one or more of the above requirements.
  3. Verify that the error message displays the unmet criteria.
  4. Enter a valid password that satisfies all the requirements.
  5. Verify that no error message is displayed, and the form can be submitted successfully.

Status: Issue has been verified and resolved successfully