SAK-32241 Include all character types in password strength calculatio…
RebeccaMiller-Which authored and ottenhoff committed Feb 28, 2017
1 parent 402a529 commit 83f4066
Showing 1 changed file with 24 additions and 0 deletions.
@@ -23,6 +23,7 @@

import java.util.Arrays;

import org.apache.commons.lang.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sakaiproject.component.cover.ComponentManager;
@@ -77,6 +78,12 @@ public class PasswordPolicyProviderDefaultImpl implements PasswordPolicyProvider
/** array of all special characters (used for calculating password entropy) */
private static final char[] CHARS_SPECIAL = { '!', '$', '*', '+', '-', '.', '=', '?', '@', '^', '_', '|', '~' };

private static char[] allCharacterSets;

static {
allCharacterSets = ArrayUtils.addAll(ArrayUtils.addAll(ArrayUtils.addAll(CHARS_LOWER, CHARS_UPPER), CHARS_DIGIT), CHARS_SPECIAL);
}

/** value for minimum password entropy */
private int minEntropy = DEFAULT_MIN_ENTROPY;

@@ -172,6 +179,7 @@ public PasswordRating validatePassword(String password, User user) {
characterSets += isCharacterSetPresentInPassword(CHARS_UPPER, password);
characterSets += isCharacterSetPresentInPassword(CHARS_DIGIT, password);
characterSets += isCharacterSetPresentInPassword(CHARS_SPECIAL, password);
characterSets += isOtherCharacterTypePresentInPassword(password);

// Calculate and verify the password strength
int strength = password.length() * characterSets;
@@ -209,6 +217,22 @@ private int isCharacterSetPresentInPassword(char[] characterSet, String password
return 0;
}

/**
* Determine if any other characters are present in the given password string
* for example letters with accents, Chinese or Arabic characters.
*
* @param password
* the password to be searched
* @return 1 if there is a character not in the other types of character set, 0 otherwise
*/
private int isOtherCharacterTypePresentInPassword(String password) {
for (int i = 0; i < password.length(); i++) {
if (!ArrayUtils.contains(allCharacterSets, password.charAt(i))) {
return 1; // SHORT CIRCUIT
}
}
return 0;
}

private ServerConfigurationService serverConfigurationService;
public void setServerConfigurationService(ServerConfigurationService serverConfigurationService) {
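Review bot: In `isOtherCharacterTypePresentInPassword` the new class is defined purely by exclusion from `allCharacterSets`, so whitespace, control characters and ASCII punctuation that `CHARS_SPECIAL` does not list (for example `#` or `%`) each add a full class, not only the accented, Chinese or Arabic letters the Javadoc names. Because `validatePassword` scores `password.length() * characterSets`, a single such character raises the strength by the whole password length, and a password containing `!#` now counts two classes for punctuation alone. If only printable characters are meant to count, guard the test with `char c = password.charAt(i); if (!Character.isISOControl(c) && !ArrayUtils.contains(allCharacterSets, c)) return 1;` and state in the Javadoc which characters qualify. The `allCharacterSets` field is assigned once in the static block and could be declared `private static final`. `validatePassword` starts and ends outside the hunks shown, so any earlier null or length check on `password` cannot be confirmed from here.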