Description of problem:
It's possible to change password to empty string using API. The password of zero length shouldn't be accepted by any API endpoint.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create a user with valid password
2. Change user's password to empty string
The user's password is changed to empty string
WA api will refuse to perform the action if the new password is an empty string.
> Does the API do validation of the password characteristics?
The API checks the length of the password and doesn't allow passwords of length 1-8 or greater than 128 characters, as was required in BZ https://bugzilla.redhat.com/show_bug.cgi?id=1610947
However, empty string is accepted as a password when user details are being edited.