Fix: Add Password Validation to Account Creation (#25382)

api/services/account_service.py

@@ -246,6 +246,8 @@ class AccountService:
         account.name = name
 
         if password:
+            valid_password(password)
+
             # generate password salt
             salt = secrets.token_bytes(16)
             base64_salt = base64.b64encode(salt).decode()

api/tests/test_containers_integration_tests/services/test_account_service.py

@@ -91,6 +91,28 @@ class TestAccountService:
         assert account.password is None
         assert account.password_salt is None
 
+    def test_create_account_password_invalid_new_password(
+        self, db_session_with_containers, mock_external_service_dependencies
+    ):
+        """
+        Test account create with invalid new password format.
+        """
+        fake = Faker()
+        email = fake.email()
+        name = fake.name()
+        # Setup mocks
+        mock_external_service_dependencies["feature_service"].get_system_features.return_value.is_allow_register = True
+        mock_external_service_dependencies["billing_service"].is_email_in_freeze.return_value = False
+
+        # Test with too short password (assuming minimum length validation)
+        with pytest.raises(ValueError):  # Password validation error
+            AccountService.create_account(
+                email=email,
+                name=name,
+                interface_language="en-US",
+                password="invalid_new_password",
+            )
+
     def test_create_account_registration_disabled(self, db_session_with_containers, mock_external_service_dependencies):
         """
         Test account creation when registration is disabled.