[SYNCOPE-1457] NonAlphaNumeric policy pattern matches the "Not word" character class - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.0.12, 2.1.3
Fix Version/s: 2.0.13, 2.1.4, 3.0.0-M0
Component/s: core
Labels:
None

Description

Non-alphanumeric characters look like this https://wci.llnl.gov/codes/basis/manual/node161.html
Seems, that next patterns are incorrect:

org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#NON_ALPHANUMERIC = Pattern.compile(".*\\W.*");
    p org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#FIRST_NON_ALPHANUMERIC = Pattern.compile("\\W.*");
   org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#LAST_NON_ALPHANUMERIC = Pattern.compile(".*\\W");

Looks like these pattern should be anyhow symmetric to the:

 org.apache.syncope.core.spring.security.DefaultPasswordGenerator#SPECIAL_CHARS = { '!', '£', '%', '&', '(', ')', '?', '#', '$' };

Maybe these patterns should look like these:

private static final Pattern NON_ALPHANUMERIC = Pattern.compile(".*[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|].*");
private static final Pattern FIRST_NON_ALPHANUMERIC = Pattern.compile("[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|].*");
private static final Pattern LAST_NON_ALPHANUMERIC = Pattern.compile(".*[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|]");

Attachments

Activity

People

Assignee:: Francesco Chicchiriccò

Reporter:: Dmitriy

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 05/Apr/19 13:20

Updated:: 19/Apr/19 06:53

Resolved:: 08/Apr/19 10:15