[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

[bugzilla-daemon at bugs.koha-community.org]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #22 from David Cook <dcook at prosentient.com.au> ---
Apologies if people find this uninteresting.

Keycloak's LowerCasePasswordPolicyProvider.java file uses Java's
Character.isLowerCase() function...

Looking at OpenJDK 8...

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/dc4322602480/src/share/classes/java/lang/Character.java#l5451

That appears to use Unicode code points (as integers)...

With CharacterData, it does some bit math to use some generated character class
lookups it seems... 
https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/java/lang/CharacterData.java

It's a rabbit hole, but Java really does seem to be king when it comes to
working with character data...

Going back to Keycloak, SpecialCharsPasswordPolicyProvider.java seems to
indicate that anything that doesn't return true for Character.isLetterOrDigit
is a "special character". 

According to Java, "Not all letters have case. Many characters are letters but
are neither uppercase nor lowercase nor titlecase". Interesting. Apparently
that's in regards to the "Lo" "Other Letter" Unicode category
(https://www.compart.com/en/unicode/category/Lo) with Arabic being one of the
most obvious examples. 

And according to Java, "isLetter" is only uppercase letters, lowercase letters,
title case letters, modifier letters, and other letters with "modifier letters"
being the "Lm" category (https://www.compart.com/en/unicode/category/Lm). 

Java has an isIdeographic function for checking CJKV characters, but that seems
to rely on a generated code point lookup table (although I haven't fully
explored that path).

-- 
You are receiving this mail because:
You are watching all bug changes.