Disallow personal data not working when trying to reset password through my flutter app

Hey, I'm running into an issue with the "disallow personal data in passwords" setting when resetting passwords through my Flutter app.

I've enabled the option in the Security section of the Auth tab, so passwords shouldn’t include parts of the user’s name, email, or phone. It works as expected in the Appwrite web console, but when I test it in my Flutter app, I’m still able to use parts of my email in the new password.

I’ve added some client-side filtering on my flutter app, but it seems like Appwrite is allowing it on the server side. Any idea why that’s happening?

TL;DR

Issue: Disallow personal data setting not working for password reset in Flutter app while it works in Appwrite web console. Solution: The server-side validation might not be activated properly. Make sure the disallow personal data setting is also enforced on the server side to prevent using sensitive data in passwords.

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support