Defect #1880
closed
Password validation policies throwing weird errors
100%
Description
- Basic config
- Standard policy
- Min chars 8
- Min UC chars 0
- Min LC chars 1
- Min numbers 1
- Min special chars 0
- Extended config
- Extended check
- Mandatory password length
- Min conditions for policy 3
- Identity attributes to check: username, firstname, lastname, mail
When I am trying to set user password to "simplepass1" (without quotes), IdM displays weir error (screenshot).
Assigning ot @kopro , please reassign as needed.
Files
Updated by Radek Tomiška almost 5 years ago
- Assignee changed from Ondřej Kopr to Ondrej Husník
Updated by Ondrej Husník almost 5 years ago
- Status changed from New to Needs feedback
- Assignee changed from Ondrej Husník to Radek Tomiška
- % Done changed from 0 to 90
This defect was caused by evaluation of regexp when testing the password for meeting set constrains. If any of password count constrains (such as minimal count of upper, lower, digits or special characters) are explicitly set to 0, the regular expression may look like this (.*[<set of characters>].*){0,}. Method matching such regexp against password which doesn't contain any of enumerated characters returns false. This behavior might have not been expected, because 0 occurrences are allowed.
Updated by Ondrej Husník almost 5 years ago
Changed approach how to cope with setting of the minimal count of characters to zero.
Created a test for this special use case.
Please do a review for me.
https://github.com/bcvsolutions/CzechIdMng/pull/89/commits/3d6ff477a844a28a1109f6f7ca95256b1e52cf88
Updated by Radek Tomiška almost 5 years ago
- Status changed from Needs feedback to Closed
- Assignee changed from Radek Tomiška to Ondrej Husník
- % Done changed from 90 to 100
I did test and code review, is awesome, thx!