@Nayana-R-Gowda
Collaborator

Signed-off-by: NAYANAR nayana.r5@ibm.com

💡 Fix Description

How did you solve it? Key design points.
This block sets the password-strength policy by enforcing length, uppercase/lowercase rules, and whether numbers or special characters are mandatory.

🧪 Verification

| Check | Command | Status |
|---|---|---|
| Lint suite | make lint | pass |
| Unit tests | make test | pass |

📐 MCP Compliance (if relevant)

  • Matches current MCP spec
  • No breaking change to MCP clients

✅ Checklist

  • Code formatted (make black isort pre-commit)
  • No secrets/credentials committed

…trap

- Add skip_password_validation parameter to create_user() method in
  EmailAuthService to allow bypassing password policy during bootstrap
- Change bootstrap_db.py to use create_platform_admin() which skips
  password validation for the initial admin user
- Update default password policy to require uppercase, lowercase, and
  special characters (password_require_uppercase, password_require_lowercase,
  password_require_special now default to true)
- Display password requirements dynamically in admin UI based on enabled
  policies
- Fix special character regex to include additional valid characters
- Add validation that old_password must be provided when changing password
- Update doctests and unit tests to use passwords that meet new defaults

Closes #1524

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
@crivetimihai crivetimihai merged commit 02bc252 into main Dec 12, 2025
46 of 48 checks passed
@crivetimihai crivetimihai deleted the testing branch December 12, 2025 14:12
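
A sketch of the policy behaviour the merged commit message describes, added here as an illustration and not taken from the project's code: one rule list drives both enforcement and the requirements text shown to users, and a bootstrap-only flag skips the check. The class, the `password_min_length` and `password_require_numbers` fields, the special-character set and the body of `create_user` are assumptions; only the three `password_require_*` flag names and `skip_password_validation` appear on the page.

```python
import string
from dataclasses import dataclass

# Assumed special-character set; the page does not show the project's regex.
SPECIAL_CHARS = set(string.punctuation)


@dataclass(frozen=True)
class PasswordPolicy:
    # The three require_* flags named in the commit message default to True,
    # as it describes. The other two field names and defaults are assumptions.
    password_min_length: int = 8
    password_require_uppercase: bool = True
    password_require_lowercase: bool = True
    password_require_numbers: bool = False
    password_require_special: bool = True

    def rules(self):
        """Return (description, check) pairs for the enabled rules only."""
        n = self.password_min_length
        out = [(f"At least {n} characters", lambda p: len(p) >= n)]
        if self.password_require_uppercase:
            out.append(("An uppercase letter", lambda p: any(c.isupper() for c in p)))
        if self.password_require_lowercase:
            out.append(("A lowercase letter", lambda p: any(c.islower() for c in p)))
        if self.password_require_numbers:
            out.append(("A number", lambda p: any(c.isdigit() for c in p)))
        if self.password_require_special:
            out.append(("A special character", lambda p: any(c in SPECIAL_CHARS for c in p)))
        return out

    def requirements(self):
        """Text for the UI, derived from the same rules that are enforced."""
        return [desc for desc, _ in self.rules()]

    def violations(self, password):
        """Descriptions of every enabled rule the password fails."""
        return [desc for desc, check in self.rules() if not check(password)]


def create_user(email, password, policy, skip_password_validation=False):
    """Hypothetical stand-in for the service method, not the project's code."""
    if not skip_password_validation:  # only the bootstrap path should skip
        failed = policy.violations(password)
        if failed:
            raise ValueError("Password policy not met: " + "; ".join(failed))
    return {"email": email, "password_validated": not skip_password_validation}
```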