You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@syncope.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2019/04/08 10:15:00 UTC

[jira] [Commented] (SYNCOPE-1457) NonAlphaNumeric policy pattern matches the "Not word" character class

    [ https://issues.apache.org/jira/browse/SYNCOPE-1457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16812306#comment-16812306 ] 

ASF subversion and git services commented on SYNCOPE-1457:
----------------------------------------------------------

Commit b2c7e7d9291283ecd631022c0a998ba37a6986c1 in syncope's branch refs/heads/2_1_X from Francesco Chicchiriccò
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=b2c7e7d ]

[SYNCOPE-1457] Applying the suggested fix + moving classes to move appropriate places


> NonAlphaNumeric policy pattern matches the "Not word" character class
> ---------------------------------------------------------------------
>
>                 Key: SYNCOPE-1457
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1457
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.12, 2.1.3
>            Reporter: Dmitriy
>            Assignee: Francesco Chicchiriccò
>            Priority: Minor
>             Fix For: 2.0.13, 2.1.4, 3.0.0
>
>
> Non-alphanumeric characters look like this https://wci.llnl.gov/codes/basis/manual/node161.html
> Seems, that next patterns are incorrect: 
> {code:java}
> org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#NON_ALPHANUMERIC = Pattern.compile(".*\\W.*");
>     p org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#FIRST_NON_ALPHANUMERIC = Pattern.compile("\\W.*");
>    org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#LAST_NON_ALPHANUMERIC = Pattern.compile(".*\\W");
> {code}
> Looks like these pattern should be anyhow symmetric to the:
> {code:java}
>  org.apache.syncope.core.spring.security.DefaultPasswordGenerator#SPECIAL_CHARS = { '!', '£', '%', '&', '(', ')', '?', '#', '$' };
> {code}
> Maybe these patterns should look like these: 
> {code:java}
> private static final Pattern NON_ALPHANUMERIC = Pattern.compile(".*[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|].*");
> private static final Pattern FIRST_NON_ALPHANUMERIC = Pattern.compile("[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|].*");
> private static final Pattern LAST_NON_ALPHANUMERIC = Pattern.compile(".*[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|]");
> {code}
>     



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)