mdarifmustafa / vt-middleware

Automatically exported from code.google.com/p/vt-middleware
0 stars 0 forks source link

vt-password: CharacterCharacteristicsRules should only create one error message #189

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
At present, a CharacterCharacteristicsRule generates multiple error messages 
for each CharacterRule that it encompasses. So, if you have one that comprises 
of a digit rule and an uppercase rule then validating the password "!" would 
generate three error messages:

password must contain at least one digit
password must contain at least one uppercase character
password matches 0 of 2 character rules but 1 is required

Firstly, this is a lot of error messages. However, the first two are actually 
incorrect - passwords that have uppercase characters don't need a digit and 
vice-versa.

It would be better if only a single error message was produced along the lines 
of "password must contain at least n of the following: uppercase characters, 
digits".

dfisher's proposal to solve this is:

Perhaps the characteristics rule could present a single error message that is 
derived from the messages produced from the rules it contains by modifying 
message properties and performing concatenation.
What if the message looked like: INSUFFICIENT_CHARACTERISTICS=Passwords must 
contain at least %2$s of the following:
and everything following the ':' was the messages produces by the rules it 
contained. In your case, INSUFFICIENT_CHARACTERS=%1$s %2$s characters

See https://groups.google.com/forum/#!topic/vt-middleware-users/kJeBvn3NiiU for 
discussion.

Original issue reported on code.google.com by max.spi...@york.ac.uk on 14 Aug 2013 at 3:56

GoogleCodeExporter commented 8 years ago
Added a boolean property to CharacterCharacteristicsRule to control the 
reporting of failures.
https://github.com/vt-middleware/passay/issues/14

Note that vt-password is in maintenance, and only receiving security patches.

Original comment by dfis...@gmail.com on 13 Oct 2014 at 8:34