syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SYNCOPE-1457) NonAlphaNumeric policy pattern matches the "Not word" character class
Date Mon, 08 Apr 2019 10:15:00 GMT

    [ https://issues.apache.org/jira/browse/SYNCOPE-1457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16812305#comment-16812305
] 

ASF subversion and git services commented on SYNCOPE-1457:
----------------------------------------------------------

Commit 4d623ddf02bd8b048947c06a47c2adc8090a6f4d in syncope's branch refs/heads/master from
Francesco Chicchiriccò
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=4d623dd ]

[SYNCOPE-1457] Applying the suggested fix + moving classes to move appropriate places


> NonAlphaNumeric policy pattern matches the "Not word" character class
> ---------------------------------------------------------------------
>
>                 Key: SYNCOPE-1457
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1457
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.12, 2.1.3
>            Reporter: Dmitriy
>            Assignee: Francesco Chicchiriccò
>            Priority: Minor
>             Fix For: 2.0.13, 2.1.4, 3.0.0
>
>
> Non-alphanumeric characters look like this https://wci.llnl.gov/codes/basis/manual/node161.html
> Seems, that next patterns are incorrect: 
> {code:java}
> org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#NON_ALPHANUMERIC
= Pattern.compile(".*\\W.*");
>     p org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#FIRST_NON_ALPHANUMERIC
= Pattern.compile("\\W.*");
>    org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#LAST_NON_ALPHANUMERIC
= Pattern.compile(".*\\W");
> {code}
> Looks like these pattern should be anyhow symmetric to the:
> {code:java}
>  org.apache.syncope.core.spring.security.DefaultPasswordGenerator#SPECIAL_CHARS = { '!',
'£', '%', '&', '(', ')', '?', '#', '$' };
> {code}
> Maybe these patterns should look like these: 
> {code:java}
> private static final Pattern NON_ALPHANUMERIC = Pattern.compile(".*[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|].*");
> private static final Pattern FIRST_NON_ALPHANUMERIC = Pattern.compile("[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|].*");
> private static final Pattern LAST_NON_ALPHANUMERIC = Pattern.compile(".*[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|]");
> {code}
>     



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message