Uploaded image for project: 'Jira Align'
  1. Jira Align
  2. JIRAALIGN-4286

Ideation: No Password Policy Enforced for External Users Registration

XMLWordPrintable

    • 2
    • Severity 3 - Minor
    • No

      Issue Summary

      External users registering on an Ideation external link are able to create passwords with no password strength policies enforced, only a 50 characters limit is enforced.
      However, password policies are enforced when a password reset is initiated by an external user.
      Same password policies during password reset need to be applied at the point of registration.

      Steps to Reproduce

      • As a Super Admin, browse to Ideation, setup any Ideation Group then make it public
      • Copy its External Link
      • Launch a new incognito browser window or tab
      • Browse to External Link
      • Click Register
      • Fill in all required details including desired password
      • Use a password with no alphanumeric combination or special characters e.g. "mypass"

      Expected Results

      User registration fails as password inputted does not validate based on rules like;

      • minimum length of 8 characters
      • at least 1 numeric value
      • at least 1 uppercase value

      Actual Results

      User registration is completed successfully

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

              dfuller@atlassian.com Don Fuller
              6ec424453bfd Raymond Enechukwu
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: