diff --git a/src/auth/password/PasswordAuthMethod.ts b/src/auth/password/PasswordAuthMethod.ts
index d20c99f..48040ab 100644
--- a/src/auth/password/PasswordAuthMethod.ts
+++ b/src/auth/password/PasswordAuthMethod.ts
@@ -57,6 +57,10 @@ export default class PasswordAuthMethod implements AuthMethod
 const passwordAuthProof = PasswordAuthProof.createProofForLogin(req.getSession());
 passwordAuthProof.setResource(user);
+ await Validator.validate({
+ password: new Validator().defined(),
+ }, req.body);
+ await passwordAuthProof.authorize(req.body.password);
 try {
 await this.app.as(AuthComponent).getAuthGuard().authenticateOrRegister(
diff --git a/test/Authentication.test.ts b/test/Authentication.test.ts
index bb5405d..2c5bbfc 100644
--- a/test/Authentication.test.ts
+++ b/test/Authentication.test.ts
@@ -210,7 +210,7 @@ describe('Register with email (magic_link)', () => {
 name: 'angella',
 })
 .expect(302)
- .expect('Location', '/magic/lobby?redirect_uri=');
+ .expect('Location', '/magic/lobby');
 await followMagicLinkFromMail(agent, cookies);
@@ -252,7 +252,7 @@ describe('Register with email (magic_link)', () => {
 name: 'bow',
 })
 .expect(302)
- .expect('Location', '/magic/lobby?redirect_uri=');
+ .expect('Location', '/magic/lobby');
 await followMagicLinkFromMail(agent, cookies);
@@ -423,7 +423,7 @@ describe('Authenticate with username and password (password)', () => {
 auth_method: 'password',
 })
 .expect(400);
- expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
+ expect(res.body.messages?.password?.name).toStrictEqual('UndefinedValueValidationError');
 // Authenticate without password (automatic method)
 res = await agent.post('/auth/login')
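Review bot: In the `PasswordAuthMethod.ts` hunk, `new Validator().defined()` only establishes that `req.body.password` is present; its type is still unchecked when it is handed to `passwordAuthProof.authorize(req.body.password)`. Depending on the body parser configured for this route (not visible here, so this is inferred), a client may be able to send an array or object under that key, and what `authorize` does with a non-string value is outside the hunk. I would add a `typeof req.body.password === 'string'` guard before the `authorize` call that fails with the same 400 validation response, and keep the `defined()` rule for the missing-field message. The enclosing method starts and ends outside the hunk.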
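Review bot: The updated assertion in the `-423` hunk of `test/Authentication.test.ts`, and the matching one in the `-433` hunk, pin only the absent-field case (`UndefinedValueValidationError`). Because the production rule is a presence check, a request whose `password` is present but unusable (an empty string, or a non-string value if the body parser allows one) is covered by neither assertion. Adding a case that posts such a value to `/auth/login` and asserts `.expect(400)` would pin that the login path rejects it with a validation error rather than failing later. The test body continues outside both hunks.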
@@ -433,7 +433,7 @@ describe('Authenticate with username and password (password)', () => {
 identifier: 'angella',
 })
 .expect(400);
- expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
+ expect(res.body.messages?.password?.name).toStrictEqual('UndefinedValueValidationError');
 });
 });
@@ -478,7 +478,7 @@ describe('Authenticate with email (magic_link)', () => {
 identifier: 'angella@example.org',
 })
 .expect(302)
- .expect('Location', '/magic/lobby?redirect_uri=');
+ .expect('Location', '/magic/lobby');
 await followMagicLinkFromMail(agent, cookies);
@@ -542,7 +542,7 @@ describe('Authenticate with email and password (password)', () => {
 name: 'double-trouble',
 })
 .expect(302)
- .expect('Location', '/magic/lobby?redirect_uri=');
+ .expect('Location', '/magic/lobby');
 await followMagicLinkFromMail(agent, cookies);
@@ -653,7 +653,7 @@ describe('Change password', () => {
 name: 'aang',
 })
 .expect(302)
- .expect('Location', '/magic/lobby?redirect_uri=');
+ .expect('Location', '/magic/lobby');
 await followMagicLinkFromMail(agent, cookies);
 });
@@ -974,7 +974,7 @@ describe('Manage email addresses', () => {
 name: 'katara',
 })
 .expect(302)
- .expect('Location', '/magic/lobby?redirect_uri=');
+ .expect('Location', '/magic/lobby');
 await followMagicLinkFromMail(agent, cookies);
@@ -1181,7 +1181,7 @@ describe('Session persistence', () => {
 name: 'zuko',
 })
 .expect(302)
- .expect('Location', '/magic/lobby?redirect_uri=');
+ .expect('Location', '/magic/lobby');
 await followMagicLinkFromMail(agent, cookies);
@@ -1210,7 +1210,7 @@ describe('Session persistence', () => {
 persist_session: 'on',
 })
 .expect(302)
- .expect('Location', '/magic/lobby?redirect_uri=');
+ .expect('Location', '/magic/lobby');
 await followMagicLinkFromMail(agent, cookies);
@@ -1237,7 +1237,7 @@ describe('Session persistence', () => {
 persist_session: undefined,
 })
 .expect(302)
- .expect('Location', '/magic/lobby?redirect_uri=');
+ .expect('Location', '/magic/lobby');
 await followMagicLinkFromMail(agent, cookies);
diff --git a/test/AuthenticationNoUsername.test.ts b/test/AuthenticationNoUsername.test.ts
index 60182d8..fe93330 100644
--- a/test/AuthenticationNoUsername.test.ts
+++ b/test/AuthenticationNoUsername.test.ts
@@ -54,7 +54,7 @@ describe('Register with email (magic_link)', () => {
 identifier: 'glimmer@example.org',
 })
 .expect(302)
- .expect('Location', '/magic/lobby?redirect_uri=');
+ .expect('Location', '/magic/lobby');
 await followMagicLinkFromMail(agent, cookies);
@@ -89,7 +89,7 @@ describe('Register with email (magic_link)', () => {
 name: 'bow',
 })
 .expect(302)
- .expect('Location', '/magic/lobby?redirect_uri=');
+ .expect('Location', '/magic/lobby');
 await followMagicLinkFromMail(agent, cookies);