Skip to content

[codex] Fix generated password validation#1196

Merged
karilint merged 1 commit into
mainfrom
codex/730-admin-password-management
Jun 4, 2026
Merged

[codex] Fix generated password validation#1196
karilint merged 1 commit into
mainfrom
codex/730-admin-password-management

Conversation

@karilint
Copy link
Copy Markdown
Collaborator

@karilint karilint commented Jun 4, 2026

Summary

  • Confirmed Admin: User rights management #730 is still relevant in the narrowed form from the issue comment: rights management works, but setting/generated passwords can fail.
  • Align backend and frontend password validation with the documented/generated allowed characters by accepting ^ and ?.
  • Add backend unit coverage for generated-password symbols.

Root Cause / Context

The admin user modal can generate passwords using ^ and ?, and both frontend/backend messages said those characters were allowed. The actual validation regex on both sides omitted them, so generated or manually-set admin passwords containing those characters were rejected.

Validation

  • cd backend && npx jest src/unit-tests/validatePassword.test.ts --runInBand --config jest-config.js
  • npm run lint:backend
  • npm run lint:frontend
  • npm run tsc:backend
  • npm run tsc:frontend
  • Commit hook also ran root npm run lint and root npm run tsc successfully.

Closes #730

@karilint karilint marked this pull request as ready for review June 4, 2026 13:05
@karilint karilint requested a review from Copilot June 4, 2026 13:05
@karilint karilint mentioned this pull request Jun 4, 2026
Closed
@karilint karilint marked this pull request as draft June 4, 2026 13:06
Copilot AI reviewed Jun 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a mismatch between generated/documented password characters and the actual validation logic by updating both frontend and backend validators to accept ^ and ?, and adds backend unit test coverage for those symbols.

Changes:

  • Expand the allowed-character regex in both frontend and backend password validators to include ^ and ?.
  • Add backend unit tests verifying passwords containing ^ and ? are accepted.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
frontend/src/hooks/usePasswordValidation.ts Updates the client-side validation regex to accept ^ and ? to match the documented allowed set.
backend/src/utils/validatePassword.ts Updates server-side validation regex (and keeps the error text aligned) to accept ^ and ?.
backend/src/unit-tests/validatePassword.test.ts Adds unit tests to ensure passwords containing ^ and ? validate successfully.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@karilint karilint marked this pull request as ready for review June 4, 2026 14:21
@karilint karilint merged commit d6ebb0f into main Jun 4, 2026
5 checks passed
@karilint karilint deleted the codex/730-admin-password-management branch June 4, 2026 14:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Admin: User rights management

2 participants

@karilint