Actions
Bug #26
closedAPI Allows Admin Creation Without Mandatory Fields (Name & Role) Bypassing UI Validation
Status:
Closed
Priority:
Normal
Assignee:
-
Start date:
03/19/2026
Due date:
% Done:
100%
Estimated time:
Description
Environment:
URL: https://dev.akinderwellness.com/pages/adminManagement
Module: Admin Management
API: /api/admin/add-admin
Description:
The UI enforces mandatory fields such as First Name, Last Name, and Role while creating a new admin user. However, the backend API allows admin creation without these required fields.
This results in inconsistent validation between frontend and backend and allows creation of incomplete or misconfigured admin accounts.
Steps to Reproduce:
- Open Postman
- Send POST request to:
/api/admin/add-admin - Provide only:
email
password
Do NOT include:
- first name
- last name
- role
- Send request
Actual Result:
- Admin user is successfully created
- Response returns 200 OK
- User is created with null role and missing name fields
Expected Result:
- API should reject the request
- Proper validation error should be returned:
"First Name is required"
"Last Name is required"
"Role is required"
Files
| BUG AKW0015 Webapp Request.png (390 KB) BUG AKW0015 Webapp Request.png | The web application enforces firstname, lastname and role | ||
| BUG AKW0015 POSTMAN REQUEST.png (302 KB) BUG AKW0015 POSTMAN REQUEST.png | The api doesn't enforce firstname, lastname and role. Only email and password are enough to create account |
Updated by Vivek Kumar about 1 month ago
- Related to Bug #16: Inconsistency between UI and API role assignment while creating admin added
Updated by Adhi Narayanan about 1 month ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Actions