Project

General

Profile

Actions
Copy link

Bug #26

closed

API Allows Admin Creation Without Mandatory Fields (Name & Role) Bypassing UI Validation

Added by Vivek Kumar about 1 month ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Start date:
03/19/2026
Due date:
% Done:

100%

Estimated time:

Description

Environment:
URL: https://dev.akinderwellness.com/pages/adminManagement
Module: Admin Management
API: /api/admin/add-admin

Description:
The UI enforces mandatory fields such as First Name, Last Name, and Role while creating a new admin user. However, the backend API allows admin creation without these required fields.
This results in inconsistent validation between frontend and backend and allows creation of incomplete or misconfigured admin accounts.

Steps to Reproduce:

  1. Open Postman
  2. Send POST request to:/api/admin/add-admin
  3. Provide only:
    email
    password
    Do NOT include:
  • first name
  • last name
  • role
  1. Send request

Actual Result:

  • Admin user is successfully created
  • Response returns 200 OK
  • User is created with null role and missing name fields

Expected Result:

  • API should reject the request
  • Proper validation error should be returned:

"First Name is required"
"Last Name is required"
"Role is required"

Files

Download all files
BUG AKW0015 Webapp Request.png (390 KB) BUG AKW0015 Webapp Request.png The web application enforces firstname, lastname and role Vivek Kumar, 03/19/2026 11:04 AM
BUG AKW0015 POSTMAN REQUEST.png (302 KB) BUG AKW0015 POSTMAN REQUEST.png The api doesn't enforce firstname, lastname and role. Only email and password are enough to create account Vivek Kumar, 03/19/2026 11:04 AM

Related issues 1 (0 open1 closed)

Related to Bug #16: Inconsistency between UI and API role assignment while creating adminClosed03/13/2026

Actions
Actions
Copy link

Also available in: Atom PDF