Defect #1826
closedSupports special characters in password policy prohibited characters
100%
Description
Please now isn't possible use special characters in prohibited chars.
For example this character base:
ěščřžýáíéúůüöĚŠČŘŽÝÁÍÉŮÚÜÖ+-/\|,<.>/?;:'"\|[{]}`~-_^(),?.:"§!¨'ˇ´=¨
Isn't allowed. After password generation is thrown this error:
java.util.regex.PatternSyntaxException: Dangling meta character '+' near index 0 + ^ at java.util.regex.Pattern.error(Pattern.java:1955) at java.util.regex.Pattern.sequence(Pattern.java:2123) at java.util.regex.Pattern.expr(Pattern.java:1996) at java.util.regex.Pattern.compile(Pattern.java:1696) at java.util.regex.Pattern.<init>(Pattern.java:1351) at java.util.regex.Pattern.compile(Pattern.java:1028) at java.lang.String.replaceAll(String.java:2223) at eu.bcvsolutions.idm.core.api.utils.PasswordGenerator.removeProhibited(PasswordGenerator.java:395) at eu.bcvsolutions.idm.core.api.utils.PasswordGenerator.generateRandom(PasswordGenerator.java:121) at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmPasswordPolicyService.generatePassword(DefaultIdmPasswordPolicyService.java:203) at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmPasswordPolicyService.generatePasswordByDefault(DefaultIdmPasswordPolicyService.java:243) at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmPasswordPolicyService$$FastClassBySpringCGLIB$$f90f724f.invoke(<generated>) at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:651) at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmPasswordPolicyService$$EnhancerBySpringCGLIB$$f672d262.generatePasswordByDefault(<generated>) at eu.bcvsolutions.idm.core.rest.impl.IdmPasswordPolicyController.generateByDefaultPolicy(IdmPasswordPolicyController.java:238) at eu.bcvsolutions.idm.core.rest.impl.IdmPasswordPolicyController$$FastClassBySpringCGLIB$$d8dcb0ff.invoke(<generated>)
Related issues
Updated by Ondřej Kopr over 4 years ago
- Target version changed from Rhyolite (9.7.6) to Rhyolite (9.7.7)
Updated by Radek Tomiška over 4 years ago
- Target version deleted (
Rhyolite (9.7.7))
Updated by Ondřej Kopr about 4 years ago
- Assignee changed from Ondřej Kopr to Ondrej Husník
Hi Ondra, there is Ondra. Please do you have some time for implement this ticket? Customer will be really happy. Thank you :-P
Updated by Ondrej Husník about 4 years ago
- Status changed from New to In Progress
Updated by Ondrej Husník about 4 years ago
- % Done changed from 0 to 90
There were missing at several places encapsulation of strings used in regular expression. Such string needs to have escaped regex meta characters. Adding escape notation solved the problem.
Some tests were modified to catch this problem. I checked related places where similar type of bug could occur but found nothing wrong.
Updated by Ondrej Husník about 4 years ago
- Tracker changed from Feature to Defect
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Ondřej Kopr
Ondrej please, find some time to provide a review of this changes. Thank you.
https://github.com/bcvsolutions/CzechIdMng/pull/81/commits/0bbfeb896bc98cac87a879d6e3849642cead074e
Updated by Radek Tomiška about 4 years ago
- Assignee changed from Ondřej Kopr to Radek Tomiška
Updated by Radek Tomiška about 4 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Radek Tomiška to Ondrej Husník
- % Done changed from 90 to 100
I did test and code review, it works and code is nice, thx!
Updated by Radek Tomiška about 4 years ago
- Status changed from Resolved to Closed
Updated by Radek Tomiška about 4 years ago
- Related to Defect #1350: Provisioning fails on password generation when forbidden characters are added to password policies added