Password policy setting for only upper and lowercase letters doesn't require uppercase

Bug #1766041 reported by Kristina Hoeppner
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Mahara | Fix Released | High | Cecilia Vela Gurovic |
18.04 | Fix Released | High | Cecilia Vela Gurovic |
18.10 | Fix Released | High | Cecilia Vela Gurovic |

Bug Description

Reported at https://mahara.org/interaction/forum/topic.php?id=8232

When the password policy is set to just upper and lowercase characters and a minimum of 8 letters, the following password is accepted even though it doesn't contain an uppercase letter:

maggie12

It seems that uppercase letters are ignored in all scenarios for the password policy and a password is created when they are absent.
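
An added illustration, not Mahara's code (which this page does not show), of how a check of this kind can accept `maggie12`: a single combined letter class is satisfied by either case, whereas testing each required class separately is not. The policy names, the function names and the reading of each policy as a set of minimum requirements are assumptions made for this example.

```python
import re

# Hypothetical policy names for this example: each maps to the character
# classes a password must contain (treated as minimum requirements).
REQUIRED = {
    "upper_lower": ("upper", "lower"),
    "upper_lower_digit": ("upper", "lower", "digit"),
    "upper_lower_digit_symbol": ("upper", "lower", "digit", "symbol"),
}

# One pattern per class (ASCII only, to keep the example small).
CLASS_PATTERNS = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


def weak_check(password, min_length=8):
    """Flawed form: one combined letter class, so either case satisfies it."""
    return len(password) >= min_length and bool(re.search(r"[A-Za-z]", password))


def missing_classes(password, policy, min_length=8):
    """Strict form: return the unmet requirements (empty list = accepted)."""
    problems = []
    if len(password) < min_length:
        problems.append("length")
    for name in REQUIRED[policy]:
        # Each required class is tested on its own, so lowercase letters
        # can never stand in for a missing uppercase letter.
        if not CLASS_PATTERNS[name].search(password):
            problems.append(name)
    return problems


if __name__ == "__main__":
    # Passwords taken from this report and its manual test script.
    for pw in ("maggie12", "passwordpassword", "PASSWORDPASSWORD", "passwordPASSWORD"):
        print(pw, weak_check(pw), missing_classes(pw, "upper_lower"))
```

Returning the list of unmet classes, rather than a single boolean, lets a regression test assert on exactly which requirement failed.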

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/8879

Steven (stevens-q) wrote :

Environment tested: Master
Browser tested: Chrome

===================
Manual Test Script
===================

Log in as admin and set Password Policy to 8 characters + Upper and lower-case letters
---1. New user try and set password = 8 characters all lower-case (passwordpassword) ---> should get error message NO UPPER-CASE USED ✔
---2. New user try and set password = 8 characters all upper-case (PASSWORDPASSWORD) ---> should get error message NO LOWER-CASE USED ✔
---3. New user try and set password = 8 characters all upper and lower case + number (PASSWORDPASSWORD!) → should get error message No numbers allowed ✔
---4. New user try and set password = 8 characters all upper and lower case + symbol (PASSWORDPASSWORD1) → should get error message No symbol allowed ✔
---5. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD) → successful

Log in as admin and set Password Policy to 8 characters + Upper and lower-case letters and numbers
---1. New user try and set password = 8 characters all lower-case (passwordpassword) ---> should get error message NO UPPER-CASE USED ✔
---2. New user try and set password = 8 characters all upper-case (PASSWORDPASSWORD) ---> should get error message NO LOWER-CASE USED ✔
---3. New user try and set password = 8 characters all upper and lower case + number (PASSWORDPASSWORD!) → should get error message No numbers allowed ✔
---4. New user try and set password = 8 characters all upper and lower case + symbol (PASSWORDPASSWORD1) → should get error message No lowercase ✔
---5. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD) → should get error message No number entered ✔
---6. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD!) → should get error message No symbol allowed ✔
---7. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD1) → success ✔

Log in as admin and set Password Policy to 8 characters + Upper and lower-case letters, numbers, symbols
---1. New user try and set password = 8 characters all lower-case (passwordpassword) ---> should get error message NO UPPER-CASE USED ✔
---2. New user try and set password = 8 characters all upper-case (PASSWORDPASSWORD) ---> should get error message NO LOWER-CASE USED ✔
---3. New user try and set password = 8 characters all upper and lower case + number (PASSWORDPASSWORD!) → should get error message No numbers allowed ✔
---4. New user try and set password = 8 characters all upper and lower case + symbol (PASSWORDPASSWORD1) → should get error message No lowercase ✔
---5. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD) → should get error message No number entered and symbol entered ✔
---6. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD!) → should get error message No number entered ✔
---7. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD1) → should get error message No symbol entered ✔
---8. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD1!) → success ✔

Error message...


Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/8879
Committed: https://git.mahara.org/mahara/mahara/commit/a0ccda3e4bf4028d56bf5cf6e7bfa5932fae271e
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit a0ccda3e4bf4028d56bf5cf6e7bfa5932fae271e
Author: Cecilia Vela Gurovic <email address hidden>
Date: Wed May 23 10:12:47 2018 +1200

Bug 1766041: check upper and lower case letters in password

behatnotneeded

Change-Id: I798d052506c9acefa0e4b55c993135f3b70d27c5

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "18.04_STABLE" branch: https://reviews.mahara.org/8901

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/8901
Committed: https://git.mahara.org/mahara/mahara/commit/6affad1c5165cae7ce0695f7d7152a4e58c9e8df
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: 18.04_STABLE

commit 6affad1c5165cae7ce0695f7d7152a4e58c9e8df
Author: Cecilia Vela Gurovic <email address hidden>
Date: Wed May 23 10:12:47 2018 +1200

Bug 1766041: check upper and lower case letters in password

behatnotneeded

Change-Id: I798d052506c9acefa0e4b55c993135f3b70d27c5
(cherry picked from commit a0ccda3e4bf4028d56bf5cf6e7bfa5932fae271e)
