JoaoJandre commented on code in PR #7134:
URL: https://github.com/apache/cloudstack/pull/7134#discussion_r1100403927
##########
server/src/main/java/com/cloud/server/ManagementServerImpl.java:
##########
@@ -1095,7 +1096,13 @@ protected Map<String, String> getConfigs() {
@Override
public String generateRandomPassword() {
final Integer passwordLength = vmPasswordLength.value();
- return PasswordGenerator.generateRandomPassword(passwordLength);
+ final String passwordComplexity =
"^(?=.{6,})(?=.*[A-Z])(?=.*[a-z])(?=.*[@#%&^~.,!,?,:,;])"
Review Comment:
You should use the configuration that you created to set the password
complexity, instead of a hard-coding it.
##########
server/src/main/java/com/cloud/server/ManagementServerImpl.java:
##########
@@ -1095,7 +1096,13 @@ protected Map<String, String> getConfigs() {
@Override
public String generateRandomPassword() {
final Integer passwordLength = vmPasswordLength.value();
- return PasswordGenerator.generateRandomPassword(passwordLength);
+ final String passwordComplexity =
"^(?=.{6,})(?=.*[A-Z])(?=.*[a-z])(?=.*[@#%&^~.,!,?,:,;])"
+ String pswd= PasswordGenerator.generateRandomPassword(passwordLength);
+ while (!pswd.matches(passwordComplexity)) {
+ pswd= PasswordGenerator.generateRandomPassword(passwordLength);
+ }
Review Comment:
You should refactor the PasswordGenerator.generateRandomPassword() method so
that it always generates a password based on a configured regex, otherwise, we
do not know how many times will this run. Depending on the configured regex,
this might run forever (if you create a regex that requires two special
symbols, this loop will run forever).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
