[
https://issues.apache.org/jira/browse/SYNCOPE-1979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18090638#comment-18090638
]
Andrea Patricelli commented on SYNCOPE-1979:
--------------------------------------------
The issue is not only about the case, but about strings contained in the password.
Checks on not permitted schemas or words from [this commit|https://github.com/apache/syncope/commit/343714fe7ed5dcc1d8303efa3733c9c09aae9d1a]
are no longer verified as substrings, but as complete strings.
> Password policy control over not permitted schemas and words does not work on
> substrings
> -----------------------------------------------------------------------------------------
>
> Key: SYNCOPE-1979
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1979
> Project: Syncope
> Issue Type: Bug
> Components: core
> Affects Versions: 4.0.6, 4.1.0
> Reporter: Andrea Patricelli
> Assignee: Andrea Patricelli
> Priority: Major
> Fix For: 4.0.7, 4.1.2, 5.0.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> # Log in to the console as admin user and define a new password policy with not
> permitted words, say "notpermitted1" and "notpermitted2", and not permitted
> schemas, say "firstname", and assign it to the root realm.
> # Pick one user (e.g. bellini in the sample environment) and set the
> password to some string containing "notpermitted1", e.g.
> "Notpermitted12345!", or the firstname of the user, e.g. "Bellini12345!".
> # The password is validated successfully and the update passes, though
> it should fail because the password contains (ignoring case) not permitted
> words or schemas.
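Added example, not part of the Jira message and not Syncope's own code: a simplified model of the two behaviours discussed above, whole-string comparison versus case-insensitive substring matching, run over the passwords from the reproduction steps. The class name, method names and the attribute map are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Illustration only; names are hypothetical and do not come from the Syncope code base.
public class NotPermittedCheckDemo {

    // Behaviour described in the comment: each term is compared with the complete password.
    // Case is ignored here on purpose, to isolate the substring problem.
    static boolean rejectsWholeString(String password, List<String> terms) {
        return terms.stream().anyMatch(password::equalsIgnoreCase);
    }

    // Behaviour the report expects: reject when any term is contained in the password, ignoring case.
    static boolean rejectsSubstring(String password, List<String> terms) {
        String pw = password.toLowerCase(Locale.ROOT); // Locale.ROOT avoids locale-specific case mapping
        return terms.stream()
                .filter(t -> t != null && !t.isBlank()) // an empty term would match every password
                .anyMatch(t -> pw.contains(t.toLowerCase(Locale.ROOT)));
    }

    public static void main(String[] args) {
        // Constructed sample data, taken from the reproduction steps in the issue.
        List<String> notPermittedWords = List.of("notpermitted1", "notpermitted2");
        List<String> notPermittedSchemas = List.of("firstname");
        Map<String, String> userAttrs = Map.of("firstname", "Bellini");

        // Not permitted schemas are resolved to the user's own attribute values.
        List<String> terms = new ArrayList<>(notPermittedWords);
        for (String schema : notPermittedSchemas) {
            String value = userAttrs.get(schema);
            if (value != null) {
                terms.add(value);
            }
        }

        // The last two entries are constructed controls: an exact match and an unrelated password.
        for (String pw : List.of("Notpermitted12345!", "Bellini12345!", "notpermitted1", "Tr0ub4dor&3x")) {
            System.out.printf("%-20s wholeString=%-5b substring=%b%n",
                    pw, rejectsWholeString(pw, terms), rejectsSubstring(pw, terms));
        }
    }
}
```

Both passwords from the report pass the whole-string check and are rejected by the substring check; only the exact-match control is rejected by both.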