wip

synapse/lib/auth.py

@@ -1545,6 +1545,7 @@ async def setPasswd(self, passwd, nexs=True, enforce_policy=True):
         # Prevent empty string or non-string values
         if passwd is None:
             shadow = None
+            enforce_policy = False
         elif passwd and isinstance(passwd, str):
             shadow = await s_passwd.getShadowV2(passwd=passwd)
         else:

synapse/tests/test_lib_auth.py

@@ -495,7 +495,7 @@ async def test_auth_password_policy(self):
             ])
 
             # Check sequences
-            seqmsg = f'Password must not contain forward/reverse sequences longer than 3 characters.'
+            seqmsg = 'Password must not contain forward/reverse sequences longer than 3 characters.'
             passwords = [
                 # letters
                 'abcA', 'dcbA', 'Abcd', 'Acba',
@@ -531,12 +531,8 @@ async def test_auth_password_policy(self):
                 'Password must contain at least 2 digit characters, 0 found.'
             ])
 
-            with self.raises(s_exc.BadArg) as exc:
-                await core.setUserPasswd(user.iden, None)
-            self.isin(
-                'Password must be at least 12 characters.',
-                exc.exception.get('failures')
-            )
+            # Setting password to None should work also
+            await core.setUserPasswd(user.iden, None)
 
             # Attempting to add a user with a bad passwd will add the user and fail to set the password
             with self.raises(s_exc.BadArg):
@@ -582,6 +578,9 @@ async def test_auth_password_policy(self):
             await core.setUserPasswd(user.iden, pass2)
             await core.setUserPasswd(user.iden, pass3)
 
+            # Setting password to None should work also
+            await core.setUserPasswd(user.iden, None)
+
             with self.raises(s_exc.BadArg) as exc:
                 await core.setUserPasswd(user.iden, pass1)
             self.eq(exc.exception.get('failures'), [