This documentation article explains how to add filters to the password field in the database, but when changing a password through an API endpoint, such filters are overlooked, and any password can be chosen.
If it's not possible to use the filters as validation, is there some ressource covering how to enforce security requirements in a "PUT" endpoint function stack?
I'd want the following minimum security requirements for my users' passwords:
- Min 8 characters longs
- At least 1 alphanumeric character
- At least 1 uppercase letter
- At least 1 numeric character