On Update User Endpoint, 'NULL' for the password field in the request body is being accepted which should not happen

Open ghost opened this issue 4 years ago • 0 comments

🐞 bug report

Relevant scope

Backend Scope

Description

I was testing the endpoints on Postman and in the Update User POST request, in the Request Body, it sees like I can pass NULL for password which I think should not ideally happen. It essentially makes the user's password null and hence we can't change it thereafter because later the user can't login. For the username parameter in the request body there is a check that says it cant be null and must be minimum 1 character and maximum 20 characters, similarly it should happen for password field as well.

Error

This should not happen and should sent an error response like the below

Correct

Jun 12 '21 11:06 ghost