Authenticator does not validate user entered password correctly

[pmellaaho]

Before creating a new issue, please confirm:

• I have searched for duplicate or closed issues.
• I have read the guide for submitting bug reports.

Which UI component?

Authenticator

Gradle script dependencies

// Put output below this line
authenticatorVersion = "1.1.0"

Environment information

# Put output below this line
Gradle 8.6

Please include any relevant guides or documentation you're referencing

No response

Describe the bug

Authenticator validates the user entered password e.g. in SignUp screen and this seems to work correctly for other rules specified in amplifyconfiguration.json -file but not for missing upper case letter ("REQUIRES_UPPERCASE" -rule). When the password doesn't meet some other rule, the Authenticator show the correct error msg to user and no NW request is made. If the Upper case letter -rule is not followed the NW request is made and the correct validation result comes from backend and "Password did not conform with policy: Password must have uppercsase characters" -message is shown to the user.

Reproduction steps (if applicable)

No response

Code Snippet

// Put your code below this line.

Log output

// Put your logs below this line

amplifyconfiguration.json

                "passwordPolicyMinLength": 8,
                "passwordPolicyCharacters": [
                    "REQUIRES_LOWERCASE",
                    "REQUIRES_NUMBERS",
                    "REQUIRES_SYMBOLS",
                    "REQUIRES_UPPERCASE"
                ]
            },

Additional information and screenshots

No response

[mattcreaser]

Thanks for the report. We'll look into the issue.

[mattcreaser]

This is a parsing logic error of the configuration, specifically it's looking for the value REQUIRES_UPPER instead of the correct REQUIRES_UPPERCASE. I've verified that the logic to handle the uppercase/lowercase requirements (both are broken) work correctly if the configuration values are properly parsed.

This logic existed in Authenticator 1.1.0 but was moved over to the Amplify library in 1.2.0 - unfortunately the faulty logic was moved as-is. So the bug exists but it is now in the Amplify library instead of Authenticator (same result, though). I'll open a new issue and fix it there, and then use this issue to track the dependency update once the Amplify release is made.

[mattcreaser]

This has been resolved in Authenticator 1.2.1

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.