[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Wed Sep 30 06:30:13 CEST 2020 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #23 from David Cook <dcook at prosentient.com.au> ---
I mention Keycloak as well, since Keycloak is actually an Angular app which
uses Java for its backend. 

When I set a password policy and try to set a password that doesn't match it, I
get a 400 error, so it's clearly sending the password to the backend for
validation. 

We may want to do the same thing here so that we can centralize the password
validation code in Perl (rather than trying to have equivalents in both Perl
and Javascript).

Note also that Perl has \p{} and \P{} constructs for matching Unicode
properties. For example, \p{Uppercase}, although of course you could just use
the [:upper:] POSIX construct instead.

That said, it turns out that Javascript (unsure of versions) does have support
for \p and \P in regular expressions as well..., so a person can do the
following to check if a character is uppercase:

function is_upper(value){
  return /\p{Uppercase}/u.test(value);
}

Likewise to detect a "letter":
function is_letter(value){
  return /\p{Letter}/u.test(value);
}
This matches alphabetic characters as well as Chinese characters it appears.
According to https://www.compart.com/en/unicode/U+6211, 我 is a member of the
"Other Letter" category. 

Take a look at https://www.regular-expressions.info/unicode.html for a full
list of Unicode categories. 

To get the equivalent of Java Character.isLetterOrDigit, we'd basically just
need a regular expression like the following (the difference being that the
following includes the Cased_Letter category too which is OK as it's already
covered by Lowercase_Letter and Uppercase_Letter):

(\p{Letter}|\p{Decimal_Digit_Number}). 

Going back to Javascript and browser compatibility:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions#Browser_compatibility

It looks like Unicode property escapes are supported in Javascript except
for... "Internet Explorer" and "Firefox for Android". There is also a note
about case folding for Edge, although I think that's for the pre-Chromium Edge. 

Anyway, again, just my 2 cents. It was interesting research/experiments, and
hopefully it is useful. If not for this patch then at least other parts of
Koha.

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list