Closed Bug 897264 Opened 11 years ago Closed 11 years ago

letters_numbers_specialchars password restriction is incorrect

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 4.2

People

(Reporter: mail, Assigned: mail)

References

Details

Attachments

(1 file, 2 obsolete files)

bug897264-v3.patch
(deleted), patch
LpSolit
: review+
Details | Diff | Splinter Review
The regular expression used for the letters_numbers_specialchars password is incorrect, as a letter does not need to be used. For example, '1234567!' is would be considered to be a valid password.
OS: Linux → All
Hardware: x86_64 → All
Target Milestone: --- → Bugzilla 4.4
Attached patch bug897264-v1.patch (obsolete) (deleted) — Splinter Review
Also fixed up the alignment of the error message since I was in that area anyway.
Attachment #780721 - Flags: review?(dkl)
Why do you replace \d by [[:digit:]]?
(In reply to Frédéric Buclin from comment #2) > Why do you replace \d by [[:digit:]]? For consistency. AFAIK, they are the same (whereas [:alpha:] and \w are different). Plain English '[:digit:]' is also easier to read than the more cryptic '\d' -- simon
Comment on attachment 780721 [details] [diff] [review] bug897264-v1.patch I don't care about readability. \d is used everywhere in our codebase and is well understood. We don't use [[:digit:]] anywhere else. I don't call that consistency. Please revert this change.
Attachment #780721 - Flags: review?(dkl) → review-
Attached patch v2 patch (obsolete) (deleted) — Splinter Review
Attachment #780721 - Attachment is obsolete: true
Attachment #782426 - Flags: review?(LpSolit)
Comment on attachment 782426 [details] [diff] [review] v2 patch >=== modified file 'template/en/default/global/user-error.html.tmpl' >+ [% IF passregex.search('letters') %] >+ [% IF passregex.search('specialchars') %] >+ <li>letter</li> >+ [% ELSE %] >+ <li>UPPERCASE letter</li> >+ <li>lowercase letter</li> >+ [% END %] >+ [% END %] >+ [% IF passregex.search('numbers') %] >+ <li>digit</li> >+ [% END %] >+ [% IF passregex.search('specialchars') %] >+ <li>special character</li> >+ [% END %] As you are now looking twice for 'specialchars', please combine them together: [% IF passregex == 'letters_numbers_specialchars' %] <li>letter</li> <li>special character</li> [% ELSIF passregex.search('letters') %] <li>UPPERCASE letter</li> <li>lowercase letter</li> [% END %] [% IF passregex.search('numbers') %] <li>digit</li> [% END %]
Attachment #782426 - Flags: review?(LpSolit) → review-
Attached patch bug897264-v3.patch (deleted) — Splinter Review
Attachment #782426 - Attachment is obsolete: true
Attachment #784690 - Flags: review?(LpSolit)
Comment on attachment 784690 [details] [diff] [review] bug897264-v3.patch r=LpSolit
Attachment #784690 - Flags: review?(LpSolit) → review+
Flags: approval?
Flags: approval4.4?
09:20 <@LpSolit> pfff, I reviewed it, you can approve it
Flags: approval?
Flags: approval4.4?
Flags: approval4.4+
Flags: approval+
Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/trunk/ modified Bugzilla/User.pm modified template/en/default/global/user-error.html.tmpl Committed revision 8688. Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/4.4/ modified Bugzilla/User.pm modified template/en/default/global/user-error.html.tmpl Committed revision 8588.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Actually, this parameter has been implemented in Bugzilla 4.2, see bug 558803. As it affects the security-level of your passwords, it may be important to fix this bug there too.
Depends on: 558803
Flags: approval4.2?
Target Milestone: Bugzilla 4.4 → Bugzilla 4.2
Flags: approval4.2? → approval4.2+
Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/4.2/ modified Bugzilla/User.pm modified template/en/default/global/user-error.html.tmpl Committed revision 8221.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: