Open Issues Need Help
AI Summary: The GitHub issue reports an inconsistency in password length requirements displayed on the "Change Password" screen. The inline helper text suggests a minimum of 8 characters, while the validation error message states a minimum of 12 characters, causing user confusion. The expected behavior is for all UI messages to consistently display the same, correct password policy.
AI Summary: The system currently lacks a real-time password strength indicator during the password change process, causing users to struggle with complexity rules through trial and error. Users only receive validation errors after input, leading to frustration and a slower process. The expected behavior is a dynamic indicator that shows password strength (e.g., Weak/Medium/Strong) and progress towards meeting requirements as the user types.
AI Summary: The system currently lacks the ability to deactivate or activate user accounts, preventing proper user access control and posing a significant security risk. This missing functionality blocks a critical test case (AUTH_LOGIN_03) designed to verify that inactive users cannot log in. Implementing this feature requires adding UI options, backend APIs, and updating the authentication flow to manage user status effectively.
AI Summary: The GitHub issue describes a security vulnerability where the login page provides different error messages for unknown usernames ("Username not found") versus existing usernames with incorrect passwords ("Invalid credentials"). This allows for username enumeration, enabling attackers to confirm valid user accounts, which is a precursor to brute-force attacks and phishing. The proposed fix involves returning a single, generic error message for both scenarios.