Skip to content
This repository was archived by the owner on May 29, 2026. It is now read-only.
This repository was archived by the owner on May 29, 2026. It is now read-only.

[LOW] L1: Generated 12-char password may fail NC password policy — silent 500 on user creation #348

Description

@rubenvdlinde

Severity: LOW

Location: lib/Service/SoftwareCatalogue/ContactPersonHandler.php line 466

Description:
New user accounts are created with a 12-character randomly generated password. The character set used may not satisfy the Nextcloud password policy (which by default requires uppercase, lowercase, digit, and special character). When IUserManager::createUser rejects the password for policy non-compliance, the method throws an exception that surfaces as a generic HTTP 500 to the caller, with no actionable error message.

Suggested fix:
Generate passwords that explicitly satisfy NC's IPasswordPolicy constraints, or use NC's built-in password generator utility if available, to ensure reliable account creation regardless of instance password policy configuration.


Source: deep team-reviewer pass 2026-05-27

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions