id,summary,reporter,owner,description,type,status,priority,component,severity,resolution,keywords,cc,release
10681,User with empty password can't reset their password,rjollos,hasienda,This is perhaps a bit insane of a scenario which came about when testing in a dev environment_ where I do things like create users with empty passwords which I would never do on a production system. Still_ it potentially reveals some odd corner cases_ so I wanted to capture it and let the developer decide what to do with it (with myself having a wide open mind to ''wontfix'' perhaps being the most appropriate handling).\r\n\r\nTo reproduce:\r\n 1. Create a new user with an empty password from the admin page.\r\n 1. Select Reset password for the user from the admin page.\r\n 1. Login as the user and verify that you are being forced to change the password.\r\n 1. Attempt to change the password_ which will result in:\r\n\r\n[[Image(PasswordCannotBeChanged.png)]]\r\n\r\nThe user is not logged out and presented with an authentication dialog_ which seems to be the typical response on a successful password change. Subsequent attempts to change the password have the same result_ except the ''Thank you'' notice goes away after the first attempt.\r\n\r\nThis ties in to the need to have a minimum allowed password length. Is that something the AccountManagerPlugin should eventually support_ or should the store be enforcing a minimum length?,defect,closed,normal,AccountManagerPlugin,normal,fixed,empty password,,