directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1393278 - /directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/authn/ppolicy/DefaultPasswordValidator.java
Date Wed, 03 Oct 2012 03:48:30 GMT
Author: elecharny
Date: Wed Oct  3 03:48:30 2012
New Revision: 1393278

URL: http://svn.apache.org/viewvc?rev=1393278&view=rev
Log:
Bypassed the empty tokens (two consecutive non alphanumerics) and token with less than 4 chars.
Fixes DIRSERVER-1726 

Modified:
    directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/authn/ppolicy/DefaultPasswordValidator.java

Modified: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/authn/ppolicy/DefaultPasswordValidator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/authn/ppolicy/DefaultPasswordValidator.java?rev=1393278&r1=1393277&r2=1393278&view=diff
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/authn/ppolicy/DefaultPasswordValidator.java
(original)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/authn/ppolicy/DefaultPasswordValidator.java
Wed Oct  3 03:48:30 2012
@@ -72,13 +72,18 @@ public class DefaultPasswordValidator im
 
         String[] tokens = username.split( "[^a-zA-Z]" );
 
-        for ( int ii = 0; ii < tokens.length; ii++ )
+        for ( String token : tokens )
         {
-            if ( password.matches( "(?i).*" + tokens[ii] + ".*" ) )
+            if ( ( token == null ) || ( token.length() < 4 ) )
+            {
+                // Two short : continue with the next token
+                continue;
+            }
+
+            if ( password.matches( "(?i).*" + token + ".*" ) )
             {
                 throw new PasswordPolicyException( "Password shouldn't contain parts of the
username", 5 );// 5 == PasswordPolicyErrorEnum.INSUFFICIENT_PASSWORD_QUALITY
             }
         }
     }
-
 }



Mime
View raw message