Fix: Add password validation to registration endpoint #4387

Open
yangbobo2021 wants to merge 1 commit into Earlo:main from yangbobo2021:fix/empty-password-validation

@yangbobo2021

Summary

Fix security vulnerability where empty passwords were accepted during user registration.

Problem

The registration endpoint did not validate passwords before processing them, allowing attackers to create user accounts with empty passwords.

Changes

  • Add password validation before hashing (reject empty/whitespace passwords)
  • Add minimum password length requirement (8 characters)
  • Add comprehensive test coverage for password validation
  • Add vitest configuration for path alias resolution

Security Impact

Prevents unauthorized account creation with empty passwords, addressing a HIGH severity vulnerability (Risk Score: 9/10).

Test Results

All tests pass (10/10)

  • Empty password validation
  • Whitespace-only password rejection
  • Minimum length enforcement (8 characters)
  • Missing password field handling
  • Valid password acceptance

How to Test

Run the test suite:

npm test

Fix security vulnerability where empty passwords were accepted during user registration.

Changes:
- Add password validation before hashing (reject empty/whitespace passwords)
- Add minimum password length requirement (8 characters)
- Add comprehensive test coverage for password validation

Security: Prevents unauthorized account creation with empty passwords.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
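
As an added illustration, not code from this pull request or the Earlo repository: a validator covering the cases the description lists (missing field, empty, whitespace-only, shorter than 8 characters), called before hashing. The function names, error codes, and the injected `hashPassword`/`saveUser` callbacks are assumptions.

```javascript
// Added example: hypothetical validator, not the code from this pull request.
const MIN_PASSWORD_LENGTH = 8; // minimum stated in the PR description

// Returns { ok: true } or { ok: false, error: <reason code> }.
function validatePassword(password) {
  // Missing field, null, or a non-string JSON value (number, array, object).
  if (typeof password !== "string") {
    return { ok: false, error: "password_required" };
  }
  // Empty or whitespace-only. trim() also strips Unicode spaces such as U+00A0,
  // so eight spaces fail here even though they satisfy the length check.
  if (password.trim().length === 0) {
    return { ok: false, error: "password_empty" };
  }
  // Count code points, not UTF-16 units, so one emoji counts as one character.
  if (Array.from(password).length < MIN_PASSWORD_LENGTH) {
    return { ok: false, error: "password_too_short" };
  }
  return { ok: true };
}

// Hypothetical handler: validation runs before the injected hash function,
// so a rejected password never reaches hashing or storage.
async function register(body, hashPassword, saveUser) {
  const check = validatePassword(body == null ? undefined : body.password);
  if (!check.ok) {
    return { status: 400, body: { error: check.error } };
  }
  const passwordHash = await hashPassword(body.password);
  await saveUser({ email: body.email, passwordHash });
  return { status: 201, body: { ok: true } };
}
```
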
@vercel

vercel bot commented Mar 16, 2026

Someone is attempting to deploy a commit to the earlo's projects Team on Vercel.

A member of the Team first needs to authorize it.
