id	summary	reporter	owner	description	type	status	priority	component	severity	resolution	keywords	cc	release
10681	User with empty password can't reset their password	rjollos	hasienda	This is perhaps a bit insane of a scenario which came about when testing in a dev environment, where I do things like create users with empty passwords which I would never do on a production system. Still, it potentially reveals some odd corner cases, so I wanted to capture it and let the developer decide what to do with it (with myself having a wide open mind to ''wontfix'' perhaps being the most appropriate handling).\r\n\r\nTo reproduce:\r\n 1. Create a new user with an empty password from the admin page.\r\n 1. Select Reset password for the user from the admin page.\r\n 1. Login as the user and verify that you are being forced to change the password.\r\n 1. Attempt to change the password, which will result in:\r\n\r\n[[Image(PasswordCannotBeChanged.png)]]\r\n\r\nThe user is not logged out and presented with an authentication dialog, which seems to be the typical response on a successful password change. Subsequent attempts to change the password have the same result, except the ''Thank you'' notice goes away after the first attempt.\r\n\r\nThis ties in to the need to have a minimum allowed password length. Is that something the AccountManagerPlugin should eventually support, or should the store be enforcing a minimum length?	defect	closed	normal	AccountManagerPlugin	normal	fixed	empty password