Strong password check to consider underscore as a special character 05/1405/1
authorAlessandro Boch <aboch@cisco.com>
Tue, 24 Sep 2013 17:03:19 +0000 (10:03 -0700)
committerAlessandro Boch <aboch@cisco.com>
Tue, 24 Sep 2013 17:07:17 +0000 (10:07 -0700)
ISSUE:
Current strong password check regular expression does not consider '_' as a special character

Change-Id: Ib64fe2e94c1e6c76f24d42bd256f3e708f40d1cc
Signed-off-by: Alessandro Boch <aboch@cisco.com>
opendaylight/usermanager/api/src/main/java/org/opendaylight/controller/usermanager/UserConfig.java
opendaylight/usermanager/api/src/test/java/org/opendaylight/controller/usermanager/AuthorizationUserConfigTest.java

index 07c814a..2e03db1 100644 (file)
@@ -38,7 +38,7 @@ public class UserConfig implements Serializable {
     private static final boolean strongPasswordCheck = Boolean.getBoolean("enableStrongPasswordCheck");
     private static final String BAD_PASSWORD = "Bad Password";
     private static final int USERNAME_MAXLENGTH = 32;
-    protected static final String PASSWORD_REGEX = "(?=.*[^\\w])(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{8,256}$";
+    protected static final String PASSWORD_REGEX = "(?=.*[^a-zA-Z0-9])(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{8,256}$";
     private static final Pattern INVALID_USERNAME_CHARACTERS = Pattern.compile("([/\\s\\.\\?#%;\\\\]+)");
     private static MessageDigest oneWayFunction = null;
     static {
index 8c029a7..4c37727 100644 (file)
@@ -153,5 +153,9 @@ public class AuthorizationUserConfigTest {
         // No special characters
         password = "aBc4ef7H8";
         assertFalse(password.matches(regex));
+
+        // Underscore is a special character
+        password = "Azmb_123 ";
+        assertTrue(password.matches(regex));
     }
 }

©2013 OpenDaylight, A Linux Foundation Collaborative Project. All Rights Reserved.
OpenDaylight is a registered trademark of The OpenDaylight Project, Inc.
Linux Foundation and OpenDaylight are registered trademarks of the Linux Foundation.
Linux is a registered trademark of Linus Torvalds.