wagslane / go-password-validator

Validate the Strength of a Password in Go
https://blog.boot.dev/open-source/how-to-validate-passwords/
MIT License

passwordvalidator.Validate always return nil error, even when the supplied password is well below min entropy #10

Closed satish71 closed 3 years ago

satish71 commented 3 years ago

Describe the bug Validate method always returns nil error, even when password entropy is less than minimum entropy

To Reproduce No additional steps required, it is a mainline use case. Try with password as "123" with minimum entropy as 60:

func strongPass(password string) error {
    const minEntropyBits = 60
    err := passwordvalidator.Validate(password, minEntropyBits)
    return err
}

The problem is the following code: when you return the error object, it is nil to the calling function, as the call to fmt.Errorf is by value and is lost on return.

if len(allMessages) > 0 {
    return fmt.Errorf(
        "insecure password, try %v or using a longer password",
        strings.Join(allMessages, ", "),
    )
}

Expected behavior Should return an error.

Screenshots None

Environment (please complete the following information):

Additional context None

wagslane commented 3 years ago

Sorry, I think your example is mistaken. I just added the example you gave as a unit test and it performs as expected. Could you take another look or provide a different example, please?
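
An added example, not part of the thread and not the project's code: a self-contained stand-in for the reported call path, so the "123" at 60 bits case can be checked as a unit test. It keeps the reporter's `strongPass` wrapper and the `fmt.Errorf` return shape from the quoted snippet; `entropyBits`, `validate`, the pool sizes and the sample passwords are assumptions constructed for illustration, and the entropy estimate is a simplified one, not the library's algorithm.

```go
package main

import (
	"fmt"
	"math"
	"strings"
	"unicode"
)

// entropyBits is a simplified estimate (an assumption, not the library's
// algorithm): length * log2(size of the character pool the password uses).
func entropyBits(password string) float64 {
	other := func(r rune) bool { return !unicode.IsLetter(r) && !unicode.IsDigit(r) }
	pool := 0
	for _, c := range []struct {
		in   func(rune) bool
		size int
	}{{unicode.IsLower, 26}, {unicode.IsUpper, 26}, {unicode.IsDigit, 10}, {other, 32}} {
		if strings.IndexFunc(password, c.in) >= 0 {
			pool += c.size
		}
	}
	n := float64(len([]rune(password)))
	return n * math.Log2(math.Max(float64(pool), 1)) // pool 0 -> 0 bits
}

// validate has the shape of the snippet quoted in the issue: the error is
// built with fmt.Errorf and returned as an error interface value.
func validate(password string, minEntropy float64) error {
	if got := entropyBits(password); got < minEntropy {
		return fmt.Errorf("insecure password: %.1f bits of entropy, need %.1f", got, minEntropy)
	}
	return nil
}

// strongPass is the wrapper from the report, calling the stand-in validate.
func strongPass(password string) error {
	const minEntropyBits = 60
	return validate(password, minEntropyBits)
}

func main() {
	for _, pw := range []string{"123", "correct-Horse-battery-9"} { // constructed samples
		if err := strongPass(pw); err != nil {
			fmt.Printf("%q rejected: %v\n", pw, err)
		} else {
			fmt.Printf("%q accepted\n", pw)
		}
	}
}
```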