Weak password can be entered on reset password screen #388
Description
Steps to reproduce:
- Request a password reset
- Follow the link to the password reset screen
- Enter a weak password to change to
- Inspect the button and re-enable it
- Submit the weak password and observe it gets updated
This should be properly blocked on the backend, to match the behaviour of the user profile screen, not just in client-side JS/CSS.
This should have been fixed in #152 but looks like we didn't actually check on the backend.
Acceptance criteria:
- ...