You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by "Francesco Chicchiriccò (JIRA)" <ji...@apache.org> on 2019/04/08 10:16:00 UTC
[jira] [Resolved] (SYNCOPE-1457) NonAlphaNumeric policy pattern
matches the "Not word" character class
[ https://issues.apache.org/jira/browse/SYNCOPE-1457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Francesco Chicchiriccò resolved SYNCOPE-1457.
---------------------------------------------
Resolution: Fixed
> NonAlphaNumeric policy pattern matches the "Not word" character class
> ---------------------------------------------------------------------
>
> Key: SYNCOPE-1457
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1457
> Project: Syncope
> Issue Type: Bug
> Components: core
> Affects Versions: 2.0.12, 2.1.3
> Reporter: Dmitriy
> Assignee: Francesco Chicchiriccò
> Priority: Minor
> Fix For: 2.0.13, 2.1.4, 3.0.0
>
>
> Non-alphanumeric characters look like this https://wci.llnl.gov/codes/basis/manual/node161.html
> Seems, that next patterns are incorrect:
> {code:java}
> org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#NON_ALPHANUMERIC = Pattern.compile(".*\\W.*");
> p org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#FIRST_NON_ALPHANUMERIC = Pattern.compile("\\W.*");
> org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#LAST_NON_ALPHANUMERIC = Pattern.compile(".*\\W");
> {code}
> Looks like these pattern should be anyhow symmetric to the:
> {code:java}
> org.apache.syncope.core.spring.security.DefaultPasswordGenerator#SPECIAL_CHARS = { '!', '£', '%', '&', '(', ')', '?', '#', '$' };
> {code}
> Maybe these patterns should look like these:
> {code:java}
> private static final Pattern NON_ALPHANUMERIC = Pattern.compile(".*[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|].*");
> private static final Pattern FIRST_NON_ALPHANUMERIC = Pattern.compile("[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|].*");
> private static final Pattern LAST_NON_ALPHANUMERIC = Pattern.compile(".*[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|]");
> {code}
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)