search

linuxmuster / linuxmuster-webui7

Next generation web interface for linuxmuster.net v7.
https://www.linuxmuster.net
GNU General Public License v3.0
12 stars 8 forks source link

"Change password dialog" rejects passwords that match the complexity criteria #254

Closed lemertens closed 2 years ago

lemertens commented 2 years ago

When checking new user passwords the webui's input validator does not meet the configured complexity criteria. Example: genial+nyloN+atmen or rsHWpJ-Hbbqbj are passwords that do meet the critera ( capital letter, non-capital letter, at least one special character). It is accepted when used with sophomorix-passwd --user ... --pass ... Nevertheless they get rejected when used in the webui's change password dialog as "not meeting the complexity critera".

Error might be located in /usr/lib/linuxmuster-webui/plugins/lmn_auth/api.py in 

def check_password_complexity(self, password):
        strong_pw = re.match('(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%&*()]|(?=.*\d)).{7,}', password)

as the regular expression for strong passwords lacks some of the allowed characters (+ - { } [ ] )

Another incomplete regex for strong passwords is located in

/usr/lib/linuxmuster-webui/plugins/lmn_common/resources/js/services/validation.coffee
kiarn commented 2 years ago

Hello @lemertens

Thanks for the feedback, I indeed forgot some chars in this function. It's now done.

Arnaud