diff --git a/synapse/lib/auth.py b/synapse/lib/auth.py index 60f149ab2e..aab6e010e8 100644 --- a/synapse/lib/auth.py +++ b/synapse/lib/auth.py @@ -1545,6 +1545,7 @@ async def setPasswd(self, passwd, nexs=True, enforce_policy=True): # Prevent empty string or non-string values if passwd is None: shadow = None + enforce_policy = False elif passwd and isinstance(passwd, str): shadow = await s_passwd.getShadowV2(passwd=passwd) else: diff --git a/synapse/tests/test_lib_auth.py b/synapse/tests/test_lib_auth.py index 0d8f538093..58940ccf76 100644 --- a/synapse/tests/test_lib_auth.py +++ b/synapse/tests/test_lib_auth.py @@ -495,7 +495,7 @@ async def test_auth_password_policy(self): ]) # Check sequences - seqmsg = f'Password must not contain forward/reverse sequences longer than 3 characters.' + seqmsg = 'Password must not contain forward/reverse sequences longer than 3 characters.' passwords = [ # letters 'abcA', 'dcbA', 'Abcd', 'Acba', @@ -531,12 +531,8 @@ async def test_auth_password_policy(self): 'Password must contain at least 2 digit characters, 0 found.' ]) - with self.raises(s_exc.BadArg) as exc: - await core.setUserPasswd(user.iden, None) - self.isin( - 'Password must be at least 12 characters.', - exc.exception.get('failures') - ) + # Setting password to None should work also + await core.setUserPasswd(user.iden, None) # Attempting to add a user with a bad passwd will add the user and fail to set the password with self.raises(s_exc.BadArg): @@ -582,6 +578,9 @@ async def test_auth_password_policy(self): await core.setUserPasswd(user.iden, pass2) await core.setUserPasswd(user.iden, pass3) + # Setting password to None should work also + await core.setUserPasswd(user.iden, None) + with self.raises(s_exc.BadArg) as exc: await core.setUserPasswd(user.iden, pass1) self.eq(exc.exception.get('failures'), [