Account creation succeeds with empty strings for username, email, password #3658

Closed
jordanhbuiltbyhq opened this issue Mar 22, 2017 · 1 comment

Issue Description

If you submit an empty string for username, email, and password and trigger sign up from the iOS SDK, an account is created. A random username is generated. Email is empty string. I assume password is an empty string as well, but I cannot verify because login prevents you from signing in with empty string for the password.

Steps to reproduce

Run this code on iOS (SDK 1.14.3):

import Parse

// Every credential field is set to an empty string before sign-up.
let user = PFUser()
user.email = ""
user.username = ""
user.password = ""
user.signUpInBackground { (success, error) in
    // gasp, succeeded with no error
}

Expected Results

Validations should fail with error stating you cannot create an account, probably should not accept empty string for any of those but certainly not all three.

Actual Outcome

An account is created successfully

Environment Setup

  • Server

    • parse-server version: 2.3.7
    • Operating System: assuming linux
    • Hardware: not sure
    • Localhost or remote server? Remote on Heroku
  • Database

    • MongoDB version: 3.2.12 (MMAPv1)
    • Storage engine: not sure
    • Hardware: not sure
    • Localhost or remote server? Remote on mLab

Logs/Trace

Not applicable

@imwiss
Contributor

imwiss commented Mar 23, 2017

Hey @jordanhbuiltbyhq, I just fixed this issue in PR #3650 and the fix should be out in the next release. The fix prevents signing up with an empty username or password, but it doesn't check for empty emails. Technically, since the email field is an index, 2 users shouldn't be able to sign up with an empty email address.
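
The distinction drawn in the reply above, between validating a field and relying on a unique index, shown as an added example that is not part of the original thread and is not Parse Server code. It is a small in-memory model; `validateSignup`, `UserStore`, the `checkEmail` option and all sample values are hypothetical.

```javascript
// Added example: in-memory model of a sign-up handler (hypothetical names throughout).
const isBlank = (v) => typeof v !== 'string' || v.trim().length === 0;
const isEmpty = (v) => typeof v !== 'string' || v.length === 0;

// Returns a list of field errors; an empty list means the input is acceptable.
// checkEmail=false models a check that covers username and password only.
function validateSignup({ username, email, password }, { checkEmail = true } = {}) {
  const errors = [];
  if (isBlank(username)) errors.push('username is required');
  if (isEmpty(password)) errors.push('password is required');
  if (checkEmail && isBlank(email)) errors.push('email is required');
  return errors;
}

class UserStore {
  constructor(options) {
    this.options = options;
    this.emails = new Set(); // stands in for a unique index on the email field
    this.users = [];
  }

  signUp(fields) {
    const errors = validateSignup(fields, this.options);
    if (errors.length > 0) return { ok: false, errors };
    // A unique index only rejects duplicates: the first '' is an ordinary new value.
    if (this.emails.has(fields.email)) return { ok: false, errors: ['email already taken'] };
    this.emails.add(fields.email);
    this.users.push({ username: fields.username, email: fields.email });
    return { ok: true, errors: [] };
  }
}

// Constructed inputs: the all-empty request from the report, then empty-email cases.
function demo() {
  const partial = new UserStore({ checkEmail: false }); // username/password check only
  const strict = new UserStore({ checkEmail: true });   // email validated as well
  return {
    allEmpty: partial.signUp({ username: '', email: '', password: '' }),
    firstEmptyEmail: partial.signUp({ username: 'a', email: '', password: 'pw1-constructed' }),
    secondEmptyEmail: partial.signUp({ username: 'b', email: '', password: 'pw2-constructed' }),
    strictEmptyEmail: strict.signUp({ username: 'c', email: '', password: 'pw3-constructed' }),
  };
}
```

In this model the index stops the second empty-email account but not the first, so an explicit email check is still what keeps an account with no email from existing at all.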
