parse-server: passwordPolicy empty string is not flowing thru


Issue Description

I’m using the passwordPolicy in the constructor of the ParseServer. The password policy doesn’t get called if the password string is an empty string. If the password is an empty string, the password is accepted.

Steps to reproduce

Using the iOS SDK to sign up a new user, setting the user password to an empty string. The validation rules in my server are not called. I have tested it with console.log: if the string isn’t empty, the validation function is called.

Expected Results

The server should return: Password does not meet the Password Policy requirements. (Code: 142, Version: 1.14.2)

Actual Outcome

The user is created with an empty string as its password.

Environment Setup

  • Server

    • parse-server version (Be specific! Don’t say ‘latest’.) : 2.3.5
    • Operating System: Heroku hobby dynos
    • Hardware: Heroku hobby dynos
    • Localhost or remote server? (AWS, Heroku, Azure, Digital Ocean, etc): Heroku
  • Database

    • MongoDB version: mongod version: 3.2.11
    • Storage engine: [FILL THIS OUT]
    • Hardware: [FILL THIS OUT]
    • Localhost or remote server?: mLab sandbox

Logs/Trace

var api = new ParseServer({
  databaseURI: databaseUri || 'mongodb://localhost:27017/dev',
  cloud: process.env.CLOUD_CODE_MAIN || __dirname + '/cloud/main.js',
  appId: process.env.APP_ID || '***',
  masterKey: process.env.MASTER_KEY || '***',
  serverURL: process.env.SERVER_URL || 'http://localhost:1337/parse',
  verifyUserEmails: true,
  emailVerifyTokenValidityDuration: 2 * 60 * 60,
  preventLoginWithUnverifiedEmail: false, 
  publicServerURL: process.env.SERVER_URL || 'http://localhost:1337/parse',
  appName: '*** App',
  emailAdapter: {
    module: 'parse-server-simple-mailgun-adapter',
    options: {
      fromAddress: 'noreply@***.co',
      domain: 'mg.***.co',
      apiKey: 'key-***',
    }
  },
  accountLockout: {
    duration: 5, // less than 100000
    threshold: 3, 
  },
  passwordPolicy: {
    validatorCallback: (password) => { return validatePassword(password) }, 
    doNotAllowUsername: true,
    maxPasswordAge: 90, 
    maxPasswordHistory: 5,
    resetTokenValidityDuration: 24*60*60, 
  }
});

function validatePassword(password) {
  var isValid = /^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$/.test(password) && password !== "";
  console.log("password: ");
  console.log( password);
  console.log(isValid.toString());

  return isValid;
}

About this issue

  • State: closed
  • Created 7 years ago
  • Comments: 18 (11 by maintainers)
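
An added illustration, not part of the original issue and not parse-server's source: one way a validator can be bypassed for an empty password is a truthiness guard in front of the policy check, compared here with a strict guard. The handlers `signupLoose` and `signupStrict`, the `policyViolations` helper and the test inputs are hypothetical; the page does not show the server's actual code path, so the loose guard is an assumed cause.

```javascript
// Added illustration, not parse-server source. signupLoose/signupStrict are
// hypothetical handlers; the guard in signupLoose is an assumed cause.

// Validator from the report (same regex, without the console.log calls).
function validatePassword(password) {
  return /^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$/.test(password) && password !== "";
}

const policy = { validatorCallback: validatePassword };
const POLICY_ERROR = {
  code: 142,
  message: "Password does not meet the Password Policy requirements.",
};

// Loose guard: "" is falsy, so the policy branch is skipped entirely.
function signupLoose(user, policy) {
  if (user.password && policy.validatorCallback) {
    if (!policy.validatorCallback(user.password)) return { ok: false, error: POLICY_ERROR };
  }
  return { ok: true };
}

// Strict guard: a signup must carry a string password, and every string,
// including "", goes through the validator.
function signupStrict(user, policy) {
  if (typeof user.password !== "string") return { ok: false, error: POLICY_ERROR };
  if (policy.validatorCallback && !policy.validatorCallback(user.password)) {
    return { ok: false, error: POLICY_ERROR };
  }
  return { ok: true };
}

// Constructed sample inputs: edge cases a policy regression test should cover.
const cases = [
  { label: "empty string", password: "", expectAccepted: false },
  { label: "missing", password: undefined, expectAccepted: false },
  { label: "too short", password: "abc1", expectAccepted: false },
  { label: "valid", password: "abcdefg1", expectAccepted: true },
];

// Returns the labels of cases where the handler's decision differs from policy.
function policyViolations(signup) {
  return cases
    .filter((c) => signup({ username: "u", password: c.password }, policy).ok !== c.expectAccepted)
    .map((c) => c.label);
}

console.log("loose :", policyViolations(signupLoose));
console.log("strict:", policyViolations(signupStrict));
```

The same table of edge cases can be replayed against a real signup endpoint after upgrading to confirm that the empty-string case is rejected.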

Most upvoted comments

@hatpick When I said JS SDK I meant the client SDK (parse library running on the browser). This issue is now fixed on the server side as well.