min length validator: handle passwordless users gracefully

2 files changed, 8 insertions, 1 deletions

diff --git a/src/rabbit_credential_validator_min_password_length.erl b/src/rabbit_credential_validator_min_password_length.erl
index 24a0dec930..c93f5a3ae1 100644
--- a/src/rabbit_credential_validator_min_password_length.erl
+++ b/src/rabbit_credential_validator_min_password_length.erl
@@ -49,6 +49,9 @@ validate(Username, Password) ->
 
 -spec validate(rabbit_types:username(), rabbit_types:password(), integer()) -> 'ok' | {'error', string(), [any()]}.
 
+%% passwordless users
+validate(_Username, undefined, MinLength) ->
+    {error, rabbit_misc:format("minimum required password length is ~B", [MinLength])};
 validate(_Username, Password, MinLength) ->
     case size(Password) >= MinLength of
         true  -> ok;
diff --git a/test/credential_validation_SUITE.erl b/test/credential_validation_SUITE.erl
index 791eb72630..324d523797 100644
--- a/test/credential_validation_SUITE.erl
+++ b/test/credential_validation_SUITE.erl
@@ -125,7 +125,11 @@ min_length_fails(_Config) ->
     Pwd3 = crypto:strong_rand_bytes(10),
     ?assertMatch({error, _}, F(?USERNAME, Pwd3, 15)),
     Pwd4 = crypto:strong_rand_bytes(50),
-    ?assertMatch({error, _}, F(?USERNAME, Pwd4, 60)).
+    ?assertMatch({error, _}, F(?USERNAME, Pwd4, 60)),
+    Pwd5 = undefined,
+    ?assertMatch({error, _}, F(?USERNAME, Pwd5, 60)),
+    Pwd6 = <<"">>,
+    ?assertMatch({error, _}, F(?USERNAME, Pwd6, 60)).
 
 min_length_succeeds(_Config) ->
     F = fun rabbit_credential_validator_min_password_length:validate/3,