From b98ba99b236771c03101848a49afb3222e39f4b2 Mon Sep 17 00:00:00 2001 From: ToughGuysDeservePink Date: Tue, 23 Jun 2026 17:00:16 +0800 Subject: [PATCH] fix: correct misleading password length validation message (#37796) --- api/libs/password.py | 2 +- api/tests/unit_tests/libs/test_password.py | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/api/libs/password.py b/api/libs/password.py index cdf55c57e5b..3313278492a 100644 --- a/api/libs/password.py +++ b/api/libs/password.py @@ -13,7 +13,7 @@ def valid_password(password): if re.match(pattern, password) is not None: return password - raise ValueError("Password must contain letters and numbers, and the length must be greater than 8.") + raise ValueError("Password must contain letters and numbers, and the length must be at least 8 characters.") def hash_password(password_str, salt_byte): diff --git a/api/tests/unit_tests/libs/test_password.py b/api/tests/unit_tests/libs/test_password.py index 79fc792cc5f..3cdf22e8051 100644 --- a/api/tests/unit_tests/libs/test_password.py +++ b/api/tests/unit_tests/libs/test_password.py @@ -35,6 +35,13 @@ class TestValidPassword: with pytest.raises(ValueError): valid_password("") + def test_should_reject_password_shorter_than_minimum_length(self): + """A 7-character password with letters and numbers is rejected for length.""" + with pytest.raises(ValueError) as exc_info: + valid_password("abc1234") + + assert "at least 8" in str(exc_info.value) + class TestPasswordHashing: """Test password hashing and comparison"""