JoaoJandre opened a new pull request, #6567: URL: https://github.com/apache/cloudstack/pull/6567
## Description

Currently, ACS does not have a feature to manage user password policies. New domain-scoped settings were created to allow operators to define password policies. Configured password policies will be applied whenever a user changes their password or a new user is created.

The following settings were created:

| Setting | Purpose |
| ------ | ------ |
| `password.policy.minimum.length` | Minimum password length |
| `password.policy.minimum.lowercase.letters` | Minimum number of lower case letters |
| `password.policy.minimum.uppercase.letters` | Minimum number of upper case letters |
| `password.policy.minimum.special.characters` | Minimum number of special characters |
| `password.policy.minimum.digits` | Minimum number of digits |
| `password.policy.allowPasswordToContainUsername` | If the password may contain the user's username |
| `password.policy.regex` | A regular expression that the password must match |

### Types of changes

- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [X] New feature (non-breaking change which adds functionality)
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] Enhancement (improves an existing feature and functionality)
- [ ] Cleanup (Code refactoring and cleanup, that may add test cases)

### Feature/Enhancement Scale or Bug Severity

#### Feature/Enhancement Scale

- [ ] Major
- [X] Minor

### How Has This Been Tested?

Unit tests were created for the new methods. Furthermore each configuration was individually tested in the ROOT domain. The creation of a user was tested, to ensure that verification of password policies was being called. All other tests were done by changing the user's password via the UI.

| No. | Test | Result | Expected result? |
| ------ | ------ | ------ | ------ |
| 1 | `password.policy.minimum.length` = 0 and password "abc" | Password successfully changed | Yes |
| 2 | `password.policy.minimum.length` = 5 and password "abc" | Error thrown warning that the length does not reach the minimum expected | Yes |
| 3 | `password.policy.minimum.length` = 5 and password "abcde" | Password successfully changed | Yes |
| 4 | `password.policy.minimum.lowercase.letters` = 0 and password "ABC" | Password successfully changed | Yes |
| 5 | `password.policy.minimum.lowercase.letters` = 1 and password "ABC" | Error thrown warning that the number of lowercase letters does not reach the expected minimum | Yes |
| 6 | `password.policy.minimum.lowercase.letters` = 1 and password "aBC" | Password successfully changed | Yes |
| 7 | `password.policy.minimum.uppercase.letters` = 0 and password "abc" | Password successfully changed | Yes |
| 8 | `password.policy.minimum.uppercase.letters` = 1 and password "abc" | Error thrown warning that the number of uppercase letters does not reach the expected minimum | Yes |
| 9 | `password.policy.minimum.uppercase.letters` = 1 and password "Abc" | Password successfully changed | Yes |
| 10 | `password.policy.minimum.special.characters` = 0 and password "abc" | Password successfully changed | Yes |
| 11 | `password.policy.minimum.special.characters` = 1 and password "abc" | Error thrown warning that the number of special characters does not reach the minimum expected | Yes |
| 12 | `password.policy.minimum.special.characters` = 1 and password "&bc" | Password successfully changed | Yes |
| 13 | `password.policy.minimum.digits` = 0 and password "abc" | Password successfully changed | Yes |
| 14 | `password.policy.minimum.digits` = 1 and password "abc" | Error thrown warning that the number of digits does not reach the minimum expected | Yes |
| 15 | `password.policy.minimum.digits` = 1 and password "1bc" | Password successfully changed | Yes |
| 16 | `password.policy.allowPasswordToContainUsername` = true, password "abc" and username "test" | Password successfully changed | Yes |
| 17 | `password.policy.allowPasswordToContainUsername` = true, password "testabc" and username "test" | Password successfully changed | Yes |
| 18 | `password.policy.allowPasswordToContainUsername` = false, password "abc" and username "test" | Password successfully changed | Yes |
| 19 | `password.policy.allowPasswordToContainUsername` = false, password "testabc" and username "test" | Error thrown warning that password cannot contain username | Yes |
| 20 | `password.policy.regex` = ".+" and password "abc" | Password successfully changed | Yes |
| 21 | `password.policy.regex` = "[a-z]+" and password "abc" | Password successfully changed | Yes |
| 22 | `password.policy.regex` = "[a-z]+" and password "abc1" | Error thrown warning that password does not match with regex | Yes |
| 23 | `password.policy.minimum.length` = 5, `password.policy.minimum.lowercase.letters` = 1, `password.policy.minimum.uppercase.letters` = 1, `password.policy.minimum.special.characters` = 1, `password.policy.minimum.digits` = 1, `password.policy.allowPasswordToContainUsername` = false, `password.policy.regex` = "[a-zA-Z1-9@]+ " and password " aA1@b" | Password successfully changed | Yes |

Tests were repeated on a subdomain of the ROOT to ensure that the settings taken into account were always from the subdomain, and all tests went as expected.
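
The following is an added example, not code from this pull request or from CloudStack: a minimal Java sketch of a validator that enforces the seven settings above and reproduces the outcomes of tests 19, 22 and 23. The `Policy` record, the `violations` method, the definition of "special character" (anything that is not a letter or digit), the case-insensitive username comparison and the treatment of an empty regex as "no regex check" are all assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class PasswordPolicyExample {
    // Hypothetical holder for the seven domain-scoped settings listed in the PR.
    record Policy(int minLength, int minLower, int minUpper, int minSpecial,
                  int minDigits, boolean allowUsername, String regex) {}

    // Returns the name of every rule the password breaks (empty list = accepted).
    static List<String> violations(Policy p, String username, String password) {
        List<String> out = new ArrayList<>();
        int lower = 0, upper = 0, digits = 0, special = 0;
        for (int i = 0; i < password.length(); ) {
            int cp = password.codePointAt(i);      // count code points, not UTF-16 units
            i += Character.charCount(cp);
            if (Character.isLowerCase(cp)) lower++;
            else if (Character.isUpperCase(cp)) upper++;
            else if (Character.isDigit(cp)) digits++;
            else if (!Character.isLetter(cp)) special++; // assumption: special = not letter/digit
        }
        if (password.codePointCount(0, password.length()) < p.minLength()) out.add("length");
        if (lower < p.minLower()) out.add("lowercase");
        if (upper < p.minUpper()) out.add("uppercase");
        if (special < p.minSpecial()) out.add("special");
        if (digits < p.minDigits()) out.add("digits");
        // Assumption: compare case-insensitively so "TESTabc" is also rejected for user "test".
        if (!p.allowUsername() && !username.isEmpty()
                && password.toLowerCase(Locale.ROOT).contains(username.toLowerCase(Locale.ROOT)))
            out.add("contains-username");
        // Whole-string match: a substring search would accept "abc1" for "[a-z]+",
        // which contradicts test 22. An empty regex is treated as "not configured".
        if (!p.regex().isEmpty() && !password.matches(p.regex())) out.add("regex");
        return out;
    }

    public static void main(String[] args) {
        Policy t19 = new Policy(0, 0, 0, 0, 0, false, "");
        Policy t22 = new Policy(0, 0, 0, 0, 0, true, "[a-z]+");
        // Test 23's values, with the spaces around the regex and password omitted.
        Policy t23 = new Policy(5, 1, 1, 1, 1, false, "[a-zA-Z1-9@]+");
        System.out.println("19: " + violations(t19, "test", "testabc"));
        System.out.println("22: " + violations(t22, "test", "abc1"));
        System.out.println("23: " + violations(t23, "test", "aA1@b"));
        // Constructed case: the class 1-9 excludes "0", so the regex can reject a
        // password that satisfies every minimum-count setting.
        System.out.println("0 : " + violations(t23, "test", "aA0@b"));
    }
}
```

Collecting all violations instead of stopping at the first lets the caller report every unmet rule in one response.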
