Project

General

Profile

Actions

Defect #1880

closed

Password validation policies throwing weird errors

Added by Petr Fišer over 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ondrej Husník
Category:
Password policy
Target version:
Start date:
09/27/2019
Due date:
% Done:

100%

Estimated time:
Affected versions:
Owner:

Description

I created a password validation policy with following parameters:
  • Basic config
    • Standard policy
    • Min chars 8
    • Min UC chars 0
    • Min LC chars 1
    • Min numbers 1
    • Min special chars 0
  • Extended config
    • Extended check
    • Mandatory password length
    • Min conditions for policy 3
    • Identity attributes to check: username, firstname, lastname, mail

When I am trying to set user password to "simplepass1" (without quotes), IdM displays weir error (screenshot).

Assigning ot @kopro , please reassign as needed.


Files

politiky_0.png (102 KB) politiky_0.png Petr Fišer, 09/27/2019 12:25 PM
Actions #1

Updated by Radek Tomiška about 4 years ago

  • Assignee changed from Ondřej Kopr to Ondrej Husník
Actions #2

Updated by Ondrej Husník about 4 years ago

  • Status changed from New to Needs feedback
  • Assignee changed from Ondrej Husník to Radek Tomiška
  • % Done changed from 0 to 90

This defect was caused by evaluation of regexp when testing the password for meeting set constrains. If any of password count constrains (such as minimal count of upper, lower, digits or special characters) are explicitly set to 0, the regular expression may look like this (.*[<set of characters>].*){0,}. Method matching such regexp against password which doesn't contain any of enumerated characters returns false. This behavior might have not been expected, because 0 occurrences are allowed.

Actions #3

Updated by Ondrej Husník about 4 years ago

Changed approach how to cope with setting of the minimal count of characters to zero.
Created a test for this special use case.
Please do a review for me.

https://github.com/bcvsolutions/CzechIdMng/pull/89/commits/3d6ff477a844a28a1109f6f7ca95256b1e52cf88

Actions #4

Updated by Radek Tomiška about 4 years ago

  • Target version set to 10.2.0
Actions #5

Updated by Radek Tomiška about 4 years ago

  • Status changed from Needs feedback to Closed
  • Assignee changed from Radek Tomiška to Ondrej Husník
  • % Done changed from 90 to 100

I did test and code review, is awesome, thx!

Actions

Also available in: Atom PDF