Password policy setting for only upper and lowercase letters doesn't require uppercase

Bug #1766041 reported by Kristina Hoeppner on 2018-04-22
This bug affects 2 people
Affects: Mahara. Importance: High. Assigned to: Cecilia Vela Gurovic.
Affects: 18.04. Importance: High. Assigned to: Cecilia Vela Gurovic.
Affects: 18.10. Importance: High. Assigned to: Cecilia Vela Gurovic.

Bug Description

Reported at https://mahara.org/interaction/forum/topic.php?id=8232

When the password policy is set to just upper and lowercase characters and a minimum of 8 letters, the following password is accepted even though it doesn't contain an uppercase letter:

maggie12

It seems that uppercase letters are ignored in all scenarios for the password policy and a password is created when they are absent.
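
A regression check for the behaviour reported above, added here as an example; it is not Mahara's code. The policy names ("ul", "uln", "ulns") and the function names are hypothetical, and the policy is assumed to mean that every listed character class must be present. The sample passwords are the one from the report plus samples taken from the manual test script further down this page.

```python
# Added example (not Mahara's code): policy names and functions are hypothetical.
REQUIRED_CLASSES = {
    "ul": ("lowercase", "uppercase"),
    "uln": ("lowercase", "uppercase", "digit"),
    "ulns": ("lowercase", "uppercase", "digit", "symbol"),
}

CLASS_TESTS = {
    "lowercase": str.islower,
    "uppercase": str.isupper,
    "digit": str.isdigit,
    "symbol": lambda ch: not ch.isalnum() and not ch.isspace(),
}

def unmet_requirements(password, policy, min_length=8):
    """Return the requirements the password fails; an empty list means accepted."""
    if policy not in REQUIRED_CLASSES:
        raise ValueError(f"unknown policy: {policy!r}")
    unmet = []
    if len(password) < min_length:
        unmet.append("length")
    for name in REQUIRED_CLASSES[policy]:
        # Each class is tested on its own. A single case-insensitive
        # "contains a letter" test would accept an all-lowercase password.
        if not any(CLASS_TESTS[name](ch) for ch in password):
            unmet.append(name)
    return unmet

# Constructed regression table: (password, policy, expected unmet requirements).
REGRESSION_CASES = [
    ("maggie12", "ul", ["uppercase"]),           # password from the bug report
    ("passwordpassword", "ul", ["uppercase"]),
    ("PASSWORDPASSWORD", "ul", ["lowercase"]),
    ("passwordPASSWORD", "ul", []),
    ("passwordPASSWORD", "uln", ["digit"]),
    ("passwordPASSWORD1", "uln", []),
    ("passwordPASSWORD!", "ulns", ["digit"]),
    ("passwordPASSWORD1", "ulns", ["symbol"]),
    ("passwordPASSWORD1!", "ulns", []),
    ("Maggie1", "ul", ["length"]),               # constructed: too short
]

def run_regression():
    """Return the cases whose result differs from the expectation."""
    return [(pw, pol, unmet_requirements(pw, pol), exp)
            for pw, pol, exp in REGRESSION_CASES
            if unmet_requirements(pw, pol) != exp]
```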

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/8879

Steven (stevens-q) wrote :

Environment tested: Master
Browser tested: Chrome

===================
Manual Test Script
===================

Log in as admin and Set Password Policy to 8 characters + Upper and lower-case letters
---1. New user try and set password = 8 characters all lower-case (passwordpassword) ---> should get error message NO UPPER-CASE USED ✔
---2. New user try and set password = 8 characters all upper-case (PASSWORDPASSWORD) ---> should get error message NO LOWER-CASE USED ✔
---3. New user try and set password = 8 characters all upper and lower case + number (PASSWORDPASSWORD!) → should get error message No numbers allowed ✔
---4. New user try and set password = 8 characters all upper and lower case + symbol (PASSWORDPASSWORD1) → should get error message No symbol allowed ✔
---5. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD) → successful

Log in as admin and Set Password Policy to 8 characters + Upper and lower-case letters and numbers
---1. New user try and set password = 8 characters all lower-case (passwordpassword) ---> should get error message NO UPPER-CASE USED ✔
---2. New user try and set password = 8 characters all upper-case (PASSWORDPASSWORD) ---> should get error message NO LOWER-CASE USED ✔
---3. New user try and set password = 8 characters all upper and lower case + number (PASSWORDPASSWORD!) → should get error message No numbers allowed ✔
---4. New user try and set password = 8 characters all upper and lower case + symbol (PASSWORDPASSWORD1) → should get error message No lowercase ✔
---5. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD) → should get error message No number entered ✔
---6. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD!) → should get error message No symbol allowed ✔
---7. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD1) → success ✔

Log in as admin and Set Password Policy to 8 characters + Upper and lower-case letters, numbers, symbols
---1. New user try and set password = 8 characters all lower-case (passwordpassword) ---> should get error message NO UPPER-CASE USED ✔
---2. New user try and set password = 8 characters all upper-case (PASSWORDPASSWORD) ---> should get error message NO LOWER-CASE USED ✔
---3. New user try and set password = 8 characters all upper and lower case + number (PASSWORDPASSWORD!) → should get error message No numbers allowed ✔
---4. New user try and set password = 8 characters all upper and lower case + symbol (PASSWORDPASSWORD1) → should get error message No lowercase ✔
---5. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD) → should get error message No number entered and symbol entered ✔
---6. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD!) → should get error message No number entered ✔
---7. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD1) → should get error message No symbol entered ✔
---8. New user try and set password = 8 characters all upper and lower case (passwordPASSWORD1!) → success ✔

Error message...


Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/8879
Committed: https://git.mahara.org/mahara/mahara/commit/a0ccda3e4bf4028d56bf5cf6e7bfa5932fae271e
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit a0ccda3e4bf4028d56bf5cf6e7bfa5932fae271e
Author: Cecilia Vela Gurovic <email address hidden>
Date: Wed May 23 10:12:47 2018 +1200

Bug 1766041: check upper and lower case letters in password

behatnotneeded

Change-Id: I798d052506c9acefa0e4b55c993135f3b70d27c5

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "18.04_STABLE" branch: https://reviews.mahara.org/8901

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/8901
Committed: https://git.mahara.org/mahara/mahara/commit/6affad1c5165cae7ce0695f7d7152a4e58c9e8df
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: 18.04_STABLE

commit 6affad1c5165cae7ce0695f7d7152a4e58c9e8df
Author: Cecilia Vela Gurovic <email address hidden>
Date: Wed May 23 10:12:47 2018 +1200

Bug 1766041: check upper and lower case letters in password

behatnotneeded

Change-Id: I798d052506c9acefa0e4b55c993135f3b70d27c5
(cherry picked from commit a0ccda3e4bf4028d56bf5cf6e7bfa5932fae271e)
