From e50cc35140aff4c1a9b5d6a867a75041d8d5910b Mon Sep 17 00:00:00 2001
From: Adria Navarro
Date: Tue, 2 Jan 2024 13:23:08 +0100
Subject: [PATCH] Validate password on admin creation
---
 packages/builder/src/pages/builder/admin/index.svelte | 2 +-
 packages/worker/src/api/controllers/global/users.ts | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/packages/builder/src/pages/builder/admin/index.svelte b/packages/builder/src/pages/builder/admin/index.svelte
index 9723c6b621..a9c9748216 100644
--- a/packages/builder/src/pages/builder/admin/index.svelte
+++ b/packages/builder/src/pages/builder/admin/index.svelte
@@ -38,7 +38,7 @@
 $goto("../portal")
 } catch (error) {
 submitted = false
- notifications.error("Failed to create admin user")
+ notifications.error(error.message || "Failed to create admin user")
 }
 }
diff --git a/packages/worker/src/api/controllers/global/users.ts b/packages/worker/src/api/controllers/global/users.ts
index b0e3219656..257d2b9a89 100644
--- a/packages/worker/src/api/controllers/global/users.ts
+++ b/packages/worker/src/api/controllers/global/users.ts
@@ -27,6 +27,7 @@ import {
 platform,
 tenancy,
 db,
+ security,
 } from "@budibase/backend-core"
 import { checkAnyUserExists } from "../../../utilities/users"
 import { isEmailConfigured } from "../../../utilities/email"
@@ -98,6 +99,11 @@ export const adminUser = async (
 ctx.throw(403, "Organisation already exists.")
 }
+ const passwordValidation = security.validatePassword(password)
+ if (!passwordValidation.valid) {
+ ctx.throw(400, passwordValidation.error)
+ }
+
 if (env.MULTI_TENANCY) {
 // store the new tenant record in the platform db
 await platform.tenants.addTenant(tenantId)
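Review bot: In packages/builder/src/pages/builder/admin/index.svelte the catch block now shows `error.message` for every failure, not only for the password-validation 400 that this commit introduces. A network failure or an unexpected server error would put whatever text the client or server produced in front of the user on a pre-authentication page, which can expose internal detail. Consider limiting the pass-through to validation responses, for example `notifications.error(error?.status === 400 ? error.message : "Failed to create admin user")`; this assumes the API client sets `status` on thrown errors, which is not visible here. The enclosing function starts outside the hunk.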
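Review bot: In packages/worker/src/api/controllers/global/users.ts, `password` reaches `security.validatePassword` straight from the request body (it is read outside this hunk), so a missing or non-string value is only rejected cleanly if the helper handles it, and the helper is not visible here. A guard such as `if (typeof password !== "string") ctx.throw(400, "Password is required")` before the call would make the 400 path independent of the helper. The check sits before any tenant or user write, and a comment such as `// reject passwords that fail policy before any tenant or user record is created` would record that ordering for later edits. A regression test that posts a password the policy rejects and asserts a 400 with no tenant created would pin the behaviour. adminUser's body starts and ends outside the hunk.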