Use a default minimum password length of 6

Author: ch5zzy

packages/auth/src/core/auth/auth_impl.test.ts

@@ -821,7 +821,7 @@ describe('core/auth/auth_impl', () => {
     };
     const PASSWORD_POLICY_RESPONSE_UNSUPPORTED_SCHEMA_VERSION = {
       customStrengthOptions: {
-        maxPasswordLength: TEST_MIN_PASSWORD_LENGTH,
+        minPasswordLength: TEST_MIN_PASSWORD_LENGTH,
         unsupportedPasswordPolicyProperty: 10
       },
       allowedNonAlphanumericCharacters: TEST_ALLOWED_NON_ALPHANUMERIC_CHARS,
@@ -850,7 +850,7 @@ describe('core/auth/auth_impl', () => {
     };
     const CACHED_PASSWORD_POLICY_UNSUPPORTED_SCHEMA_VERSION = {
       customStrengthOptions: {
-        maxPasswordLength: TEST_MIN_PASSWORD_LENGTH
+        minPasswordLength: TEST_MIN_PASSWORD_LENGTH
       },
       allowedNonAlphanumericCharacters: TEST_ALLOWED_NON_ALPHANUMERIC_STRING,
       enforcementState: TEST_ENFORCEMENT_STATE_ENFORCE,

packages/auth/src/core/auth/password_policy_impl.test.ts

@@ -97,6 +97,11 @@ describe('core/auth/password_policy_impl', () => {
       enforcementState: TEST_ENFORCEMENT_STATE_ENFORCE,
       schemaVersion: TEST_SCHEMA_VERSION
     };
+  const PASSWORD_POLICY_RESPONSE_NO_MIN_LENGTH: GetPasswordPolicyResponse = {
+    customStrengthOptions: {},
+    enforcementState: TEST_ENFORCEMENT_STATE_ENFORCE,
+    schemaVersion: TEST_SCHEMA_VERSION
+  };
   const PASSWORD_POLICY_REQUIRE_ALL: PasswordPolicy = {
     customStrengthOptions: {
       minPasswordLength: TEST_MIN_PASSWORD_LENGTH,
@@ -188,6 +193,13 @@ describe('core/auth/password_policy_impl', () => {
       expect(policy.allowedNonAlphanumericCharacters).to.eql('');
     });
 
+    it('assigns a default minimum length if it is undefined in the response', () => {
+      const policy: PasswordPolicyInternal = new PasswordPolicyImpl(
+        PASSWORD_POLICY_RESPONSE_NO_MIN_LENGTH
+      );
+      expect(policy.customStrengthOptions.minPasswordLength).to.eql(6);
+    });
+
     context('#validatePassword', () => {
       const PASSWORD_POLICY_IMPL_REQUIRE_ALL = new PasswordPolicyImpl(
         PASSWORD_POLICY_RESPONSE_REQUIRE_ALL

packages/auth/src/core/auth/password_policy_impl.ts

@@ -39,10 +39,9 @@ export class PasswordPolicyImpl implements PasswordPolicyInternal {
     // Only include custom strength options defined in the response.
     const responseOptions = response.customStrengthOptions;
     this.customStrengthOptions = {};
-    if (responseOptions.minPasswordLength) {
-      this.customStrengthOptions.minPasswordLength =
-        responseOptions.minPasswordLength;
-    }
+    // A minimum length of 6 will be enforced by the backend if no minimum length is set.
+    this.customStrengthOptions.minPasswordLength =
+      responseOptions.minPasswordLength ?? 6;
     if (responseOptions.maxPasswordLength) {
       this.customStrengthOptions.maxPasswordLength =
         responseOptions.maxPasswordLength;