- Create/Reset password page show the list of password requirements
- Password requirements are
Must have a minimum of 8 characters
Must have at least one numeric character
Must have at least one special character
Must have a combination of lowercase and uppercase letters
For this feature we should use <PasswordValidationField> component from stripes-smart-components. It already has implemented logic that calls /tenant/rules endpoint to fetch validation rules and uses them to validate password input.
One blocker that we have - the endpoint requires validation.rules.collection.get permission. But because on Password reset page a user is not logged in - they also don't have any permissions.
Perhaps we can add an exception to allow requests from that page? Have we had this kind of issue before?