mendix / CommunityCommons

This module adds a number of reusable Java methods to your project, which can be called from Microflows or custom Java actions.
Apache License 2.0

RandomStrongPassword sometimes doesn't generate lowercase letters #105

Closed laurenra7 closed 9 months ago

laurenra7 commented 3 years ago

Generating hundreds of random passwords for Mendix System.User accounts, it would often fail with the error "Password does not meet password criteria: - Password should contain a lowercase letter" because it didn't meet the password criteria requiring a mix of lowercase and uppercase letters, numbers, and special characters. When I checked the passwords that failed, all were missing lowercase letters. When I examined the method generateCommonLangPassword in StringUtils, and followed it all the way into the Apache RandomStringUtils code, I could see why.

The generateCommonLangPassword method in the StringUtils class of the CommunityCommons Java code never specifically generates lowercase characters so the random strings it generates sometimes don't have lowercase letters.

I have fixed this in my own project by modifying the method. It forces the code to always generate at least 1 lowercase letter. See the comments and code in pull request #113 "Random strong password fix".

You can see how this fails in this project:

https://randomstrongpasswordtest-sandbox.mxapps.io/

edwinvanelk commented 2 years ago

What can be done to get this issue included in a future version of the CommunityCommons module to be able to generate Random passwords that match the security setting “Require mixed case [This requires the password to contain both lowercase and uppercase characters]”?

I was thinking about almost the same solution: adding a parameter like noOfLCAlpha to be able to specify a minimum amount of lowercase characters too.

atennapel commented 9 months ago

We have now implemented this by adding an extra option to RandomStrongPassword to specify the minimum number of lowercase letters (https://github.com/mendix/CommunityCommons/pull/140). This has been released in CommunityCommons version 10.0.3.
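
The approach discussed in this thread, shown as an added example (not the CommunityCommons code and not the code from pull request #113 or #140): draw the required minimum from each character class first, fill the remainder from the combined set, then shuffle so the guaranteed characters do not sit at predictable positions. The class name, method signature, parameter names and character sets are assumptions made for this sketch.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class PasswordSketch {
    // Character sets are assumptions for this sketch, not the module's own.
    static final String LOWER = "abcdefghijklmnopqrstuvwxyz";
    static final String UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    static final String DIGITS = "0123456789";
    static final String SPECIAL = "!@#$%^&*()-_=+";
    static final SecureRandom RNG = new SecureRandom();

    // Append n characters drawn uniformly from the given set.
    static void draw(List<Character> out, String set, int n) {
        for (int i = 0; i < n; i++) out.add(set.charAt(RNG.nextInt(set.length())));
    }

    // Hypothetical signature: total length plus a minimum count per class.
    static String generate(int length, int minLower, int minUpper, int minDigits, int minSpecial) {
        if (minLower < 0 || minUpper < 0 || minDigits < 0 || minSpecial < 0)
            throw new IllegalArgumentException("minimum counts must not be negative");
        int required = minLower + minUpper + minDigits + minSpecial;
        if (required > length)
            throw new IllegalArgumentException("minimum counts exceed password length");
        List<Character> chars = new ArrayList<>(length);
        draw(chars, LOWER, minLower);      // the class the original issue found missing
        draw(chars, UPPER, minUpper);
        draw(chars, DIGITS, minDigits);
        draw(chars, SPECIAL, minSpecial);
        draw(chars, LOWER + UPPER + DIGITS + SPECIAL, length - required);
        Collections.shuffle(chars, RNG);   // remove the fixed class ordering
        StringBuilder sb = new StringBuilder(length);
        for (char c : chars) sb.append(c);
        return sb.toString();
    }

    public static void main(String[] args) {
        // Generate many passwords and fail loudly if any class is ever absent.
        for (int i = 0; i < 10_000; i++) {
            String pw = generate(12, 1, 1, 1, 1);
            boolean ok = pw.chars().anyMatch(Character::isLowerCase)
                    && pw.chars().anyMatch(Character::isUpperCase)
                    && pw.chars().anyMatch(Character::isDigit)
                    && pw.chars().anyMatch(c -> SPECIAL.indexOf(c) >= 0);
            if (!ok) throw new AssertionError("policy violated by: " + pw);
        }
        System.out.println("every generated password contained all four classes");
    }
}
```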