Bug #64
closedAdmin Creation API Accepts Invalid and Oversized Input Without Validation (Web-API)
Description
While testing the Admin Creation functionality, it was observed that the API accepts invalid, incorrectly formatted, and excessively large input values across multiple fields without any validation errors.
This results in incorrect data being stored in the system, which may affect data consistency and application behavior.
Steps to Reproduce
- Open Admin Creation API
- Send a POST request with:
- Large text values in input fields
- Invalid email format
- Non-numeric values in numeric fields
- Submit the request
Actual Result
API returns success response:
{
"success": true,
"message": "Registered successfully"
}
Data is stored successfully in database with invalid values
Expected Result
System should validate inputs before processing:
- Reject invalid email formats for email
- Restrict input length for text fields such as:
first_name
last_name
address
City
state
- Enforce numeric-only values for:
phone
zip
- Validate password constraints for:
password
secondary_password (length, allowed characters, consistency rules)
API should return appropriate validation error messages for each invalid field instead of success response.
NOTE: A request in postman is there for producing the error.