Passwords do not have any length or character requirements

[bjester]

Observed behavior

An account was created in the hotfixes server environment with a password of a.

Expected behavior

We should have a basic minimum length threshold for passwords, at the very least. In development mode, the password a should still work.

User-facing consequences

Shorter passwords are easier to breach and Studio is an online platform where it's important to have this.

[cerdo03]

Hi, I wanted to pick up this issue, can you guide me how can I check if it is development mode so that the password validation is not valid for dev server?

[cerdo03]

Are there any other validations that need to be implemented?

[MisRob]

Thank you, @cerdo03! We will review.

[bjester]

Are there any other validations that need to be implemented?

@cerdo03 Adding a length check to the backend would also be worthwhile, if you're familiar with python/django. Otherwise, no worries about that.

[cerdo03]

Yeah I am familiar with django, I'll implement the password validation and raise the updated PR soon. Thanks for the review.