fix(aws-android-sdk-auth-userpools): Check actual password requirements in drop-in UI #3588
Conversation
| if (username.isEmpty()) { | ||
| showError(getString(R.string.sign_up_username_missing)); | ||
| return; | ||
| } | ||
|
|
||
| if (password.length() < 6) { | ||
| showError(getString(R.string.password_length_validation_failed)); | ||
| if (minimumPasswordLength != null && password.length() < minimumPasswordLength) { |
There was a problem hiding this comment.
when would minimum be null? Should we fall back to 6 as a safety? Is lower than 6 ever allowed?
There was a problem hiding this comment.
If the password requirements are not specified in awsconfiguration this can be null.
6 is the minimum in Cognito, but if we don't know what the customer has set as their minimum then we just don't want to validate client-side, since any value we choose is likely to be wrong. The original customer report complains that validating with the wrong length leads to a confusing end user experience.
So if we don't know what the minimum is we'll just let the server side validate the password and display whatever error message they return if it's too short (this part is existing functionality).
Issue #, if available: #2370
Description of changes:
Don't hardcode the minimum password length to six. Instead, check the
passwordProtectionSettingsdefined inawsconfiguration.jsonand use those for client-side validation.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.