User self-registration page doesn't seem to enforce custom validation rules for attributes
aliaksander-samuseu opened this issue
Description
When user self-registration is enabled, and "Regex Pattern" is set for "Password" attribute, upon user's self-enrolment it doesn't seem like oxTrust actually enforces the regex rules.
Setting high priority for this one as it's related to another issue reported by a customer which they insist is disrupting their workflows.
Steps To Reproduce
- Login to oxTrust
- Make sure self-registration is enabled, as described here (email confirmation isn't needed for this test)
- Move to "Attributes" page
- Edit attribute "Password" by adding the following regex as "Regex pattern" property:
^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#&()–[{}]:;'.,?/*~$^+=<>]).{8,32}$
- In a separate incognito window go to /identity/register.htm path at this Gluu Server
- Fill all the fields, while providing 1q2w3e4r for "Password" field and its confirmation
- Finish registration
Expected behavior
As the 1q2w3e4r string doesn't conform to the rule enforced by the regex above, the user creation should fail (at least), but better the page should notify them which field they filled wrong, and allow them to correct themselves. This must work as such for all attributes for which custom validation rules are enabled.
Actual behavior
User creation is successful, user is persisted to the database - though it's not clear what is used as password, but at least you can't login using this password with this user
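A sketch of the server-side check the expected behavior describes, as an added example that is not oxTrust code: the class name, the attribute keys and the sample form are hypothetical, and the password pattern is the one from the steps above. It runs every configured pattern against the submitted value before anything is persisted and reports which fields failed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class RegistrationValidator {
    // Hypothetical attribute -> pattern table, standing in for each
    // attribute's "Regex Pattern" property.
    private final Map<String, Pattern> rules = new LinkedHashMap<>();

    public void addRule(String attribute, String regex) {
        rules.put(attribute, Pattern.compile(regex));
    }

    // Returns attribute -> error message. An empty map means every rule
    // passed; anything else means the user must not be persisted.
    public Map<String, String> validate(Map<String, String> submitted) {
        Map<String, String> errors = new LinkedHashMap<>();
        for (Map.Entry<String, Pattern> rule : rules.entrySet()) {
            String value = submitted.get(rule.getKey());
            // Assumption: a missing value fails the rule (fail closed).
            // matches() requires the whole value to match the pattern.
            if (value == null || !rule.getValue().matcher(value).matches()) {
                errors.put(rule.getKey(), "Value does not match the required pattern");
            }
        }
        return errors;
    }

    public static void main(String[] args) {
        RegistrationValidator validator = new RegistrationValidator();
        // Pattern copied from the issue. Java reads the inner [{}] as a nested
        // character class; other regex engines may parse this text differently.
        validator.addRule("password",
            "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#&()–[{}]:;'.,?/*~$^+=<>]).{8,32}$");

        // Constructed sample submission using the password from the repro steps.
        Map<String, String> form = new LinkedHashMap<>();
        form.put("uid", "testuser");
        form.put("password", "1q2w3e4r");

        Map<String, String> errors = validator.validate(form);
        if (errors.isEmpty()) {
            System.out.println("All rules passed, user can be persisted");
        } else {
            errors.forEach((field, msg) ->
                System.out.println("Rejected, field '" + field + "': " + msg));
        }
    }
}
```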
@aliaksander-samuseu please test it and let me know if any issues found. Closing this ticket.