Merge pull request #7662 from appwrite/fix-password-validation

Fix: Empty password validation
2026-05-23 00:49:02 +00:00 · 2024-02-26 18:29:01 +13:00 · 2024-02-26 18:29:01 +13:00 · a2b6bb6174
commit a2b6bb6174
parent 36ebb89a9b d7a16ae7b0
3 changed files with 24 additions and 3 deletions
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@ -71,7 +71,14 @@ function createUser(string $hash, mixed $hashOptions, string $userId, ?string $e
            : ID::custom($userId);

        if ($project->getAttribute('auths', [])['personalDataCheck'] ?? false) {
-            $personalDataValidator = new PersonalData($userId, $email, $name, $phone);
+            $personalDataValidator = new PersonalData(
+                $userId,
+                $email,
+                $name,
+                $phone,
+                strict: false,
+                allowEmpty: true
+            );
            if (!$personalDataValidator->isValid($plaintextPassword)) {
                throw new Exception(Exception::USER_PASSWORD_PERSONAL_DATA);
            }
--- a/src/Appwrite/Auth/Validator/PersonalData.php
+++ b/src/Appwrite/Auth/Validator/PersonalData.php
@ -12,9 +12,10 @@ class PersonalData extends Password
        protected ?string $email = null,
        protected ?string $name = null,
        protected ?string $phone = null,
-        protected bool $strict = false
+        protected bool $strict = false,
+        protected bool $allowEmpty = false,
    ) {
-        parent::__construct();
+        parent::__construct($allowEmpty);
    }

    /**
--- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
+++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
@ -1731,6 +1731,19 @@ class ProjectsConsoleClientTest extends Scope

        $this->assertEquals(201, $response['headers']['status-code']);

+        $response = $this->client->call(Client::METHOD_POST, '/users', array_merge($this->getHeaders(), [
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $id,
+            'x-appwrite-mode' => 'admin',
+        ]), [
+            // Empty password
+            'email' => uniqid() . 'user@localhost.test',
+            'name' => 'User',
+            'userId' => ID::unique(),
+        ]);
+
+        $this->assertEquals(201, $response['headers']['status-code']);
+
        $email = uniqid() . 'user@localhost.test';
        $userId = ID::unique();
        $response = $this->client->call(Client::METHOD_POST, '/users', array_merge($this->getHeaders(), [