Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
password_policy doesn't reject passwords like "aaa", "aaaa", or even "aaaaa" when the consecutive letter constraint is set to three. I stepped through it with the debugger and I think the regex is wrong. See patch.
Comment | File | Size | Author |
---|---|---|---|
#6 | password_policy-consecutive_regex-2127421-6.patch | 2.14 KB | jsagotsky |
Comments
Comment #1
jsagotsky CreditAttribution: jsagotsky commentedNew issue queue keeps eating my patch. Here's a link instead. https://gist.github.com/sagotsky/7321750
(Not that this helps drush make...)
Comment #2
erikwebb CreditAttribution: erikwebb commentedHow does the consecutive constraint test pass if this is an issue? Should we update that test to use "2" as the count as well?
Comment #3
erikwebb CreditAttribution: erikwebb commentedComment #4
jsagotsky CreditAttribution: jsagotsky commentederikwebb,
Yeah, it looks like the test needs an update. I wrote a quick script to mimic the test with the original and patched patterns.
Results are identical when the constraint is 1. When I up it to 2, the original pattern lets through 'aab' and 'aaab'.
Comment #5
erikwebb CreditAttribution: erikwebb commentedOkay, please include an update to our test in the patch.
Comment #6
jsagotsky CreditAttribution: jsagotsky commentedComment #7
jsagotsky CreditAttribution: jsagotsky commentedUpdated. Just in case the issue queue continues to be wonky about uploads, here's a gist. https://gist.github.com/sagotsky/7321750#file-password_policy-consecutiv...
Comment #8
coltrane(setting to CNR so testbot will have it tested)
Comment #9
coltrane#6 passed tests and also worked for me locally. RTBC I think
Comment #10
erikwebb CreditAttribution: erikwebb commentedThanks!
http://drupalcode.org/project/password_policy.git/commit/5f4c971