Closed Bug 897264 Opened 11 years ago Closed 11 years ago

letters_numbers_specialchars password restriction is incorrect

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 4.2

People

(Reporter: mail, Assigned: mail)

References

Details

Attachments

(1 file, 2 obsolete files)

bug897264-v3.patch
2.14 KB, patch
LpSolit
: review+
Details | Diff | Splinter Review 
The regular expression used for the letters_numbers_specialchars password is incorrect, as a letter does not need to be used. For example, '1234567!' is would be considered to be a valid password.
OS: Linux → All
Hardware: x86_64 → All
Target Milestone: --- → Bugzilla 4.4
Attached patch bug897264-v1.patch (obsolete) — Splinter Review 
Also fixed up the alignment of the error message since I was in that area anyway.
Attachment #780721 - Flags: review?(dkl)
Why do you replace \d by [[:digit:]]?
(In reply to Frédéric Buclin from comment #2)
> Why do you replace \d by [[:digit:]]?

For consistency. AFAIK, they are the same (whereas [:alpha:] and \w are different). Plain English '[:digit:]' is also easier to read than the more cryptic '\d'

  -- simon
Comment on attachment 780721 [details] [diff] [review]
bug897264-v1.patch

I don't care about readability. \d is used everywhere in our codebase and is well understood. We don't use [[:digit:]] anywhere else. I don't call that consistency. Please revert this change.
Attachment #780721 - Flags: review?(dkl) → review-
Attached patch v2 patch (obsolete) — Splinter Review 

        Attachment #780721 -
        Attachment is obsolete: true

        Attachment #782426 -
        Flags: review?(LpSolit)

    
    

    
  
Comment on attachment 782426 [details] [diff] [review]
v2 patch

>=== modified file 'template/en/default/global/user-error.html.tmpl'

>+      [% IF passregex.search('letters') %]
>+        [% IF passregex.search('specialchars') %]
>+          <li>letter</li>
>+        [% ELSE %]
>+          <li>UPPERCASE letter</li>
>+          <li>lowercase letter</li>
>+        [% END %]
>+      [% END %]
>+      [% IF passregex.search('numbers') %]
>+        <li>digit</li>
>+      [% END %]
>+      [% IF passregex.search('specialchars') %]
>+        <li>special character</li>
>+      [% END %]

As you are now looking twice for 'specialchars', please combine them together:

 [% IF passregex == 'letters_numbers_specialchars' %]
   <li>letter</li>
   <li>special character</li>
 [% ELSIF passregex.search('letters') %]
   <li>UPPERCASE letter</li>
   <li>lowercase letter</li>
 [% END %]

 [% IF passregex.search('numbers') %]
   <li>digit</li>
 [% END %]

        Attachment #782426 -
        Flags: review?(LpSolit) → review-

    
    

    
  


  

        Attachment #782426 -
        Attachment is obsolete: true

        Attachment #784690 -
        Flags: review?(LpSolit)

    
    

    
  
Comment on attachment 784690 [details] [diff] [review]
bug897264-v3.patch

r=LpSolit

        Attachment #784690 -
        Flags: review?(LpSolit) → review+

    
  
Flags: approval?
Flags: approval4.4?

    
    

    
  
09:20 <@LpSolit> pfff, I reviewed it, you can approve it
Flags: approval?
Flags: approval4.4?
Flags: approval4.4+
Flags: approval+

    
    

    
  
Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/trunk/
modified Bugzilla/User.pm
modified template/en/default/global/user-error.html.tmpl
Committed revision 8688.                                                       

Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/4.4/
modified Bugzilla/User.pm
modified template/en/default/global/user-error.html.tmpl
Committed revision 8588.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED

    
    

    
  
Actually, this parameter has been implemented in Bugzilla 4.2, see bug 558803. As it affects the security-level of your passwords, it may be important to fix this bug there too.
Depends on: 558803
Flags: approval4.2?
Target Milestone: Bugzilla 4.4 → Bugzilla 4.2
Flags: approval4.2? → approval4.2+

    
    

    
  
Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/4.2/                         
modified Bugzilla/User.pm
modified template/en/default/global/user-error.html.tmpl
Committed revision 8221.

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: