Description
If "currentPassword" is provided incorrectly, a "password history" error is returned.
Problem
We are using the /api/user/change-password API to change the password and we have the observations below on it; please do the needful.
Suppose your currentPassword is "Test@123" and you try to change the password with the request below.
{
  "loginId": "[email protected]",
  "currentPassword": "Test@123Wrong",
  "password": "Test@123"
}
Ideally it should throw “Provided currentPassword is not valid”, as we have provided a wrong currentPassword and provided the current password in the password property. But as we have enabled Reject previous passwords with a value of 1, we are getting the “The [password] property may not be the same as the previously [1] used passwords.” error message.
Solution
Ideally, preference should be given to the currentPassword validation; only once it has been validated should the password validation be done. Otherwise it is quite misleading to the user.
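The two validation orders discussed in this issue, side by side, as an added sketch that is not FusionAuth code and not part of the original report. The `Account` class, the result strings and the PBKDF2 hashing are assumptions made for illustration; the history depth of 1 mirrors the "Reject previous passwords" setting in the report. With the history check first, the response also tells a caller who does not know the current password whether the submitted new password matches it, which the requested order avoids.

```python
import hashlib
import hmac
import os


def _hash(password, salt):
    # PBKDF2 stands in for whatever scheme the real server uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Hypothetical account model; history[0] is the current password hash."""

    def __init__(self, password, reject_previous=1):
        self.salt = os.urandom(16)
        self.history = [_hash(password, self.salt)]  # newest first
        self.reject_previous = reject_previous

    def _matches(self, candidate, stored):
        # Constant-time comparison of the derived hashes.
        return hmac.compare_digest(_hash(candidate, self.salt), stored)

    def _in_history(self, candidate):
        recent = self.history[: self.reject_previous]
        return any(self._matches(candidate, h) for h in recent)

    def _store(self, new):
        self.history.insert(0, _hash(new, self.salt))
        return "changed"

    def change_password_reported(self, current, new):
        """Order described in the issue: the history check runs first."""
        if self._in_history(new):
            return "password_history"
        if not self._matches(current, self.history[0]):
            return "invalid_current_password"
        return self._store(new)

    def change_password_requested(self, current, new):
        """Order the issue asks for: currentPassword is verified first."""
        if not self._matches(current, self.history[0]):
            return "invalid_current_password"
        if self._in_history(new):
            return "password_history"
        return self._store(new)
```

In the requested order, a wrong `currentPassword` produces the same result whatever the new password is, and the history rule is only evaluated for a caller who has proven knowledge of the current password.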