[5.2] Password Strength Symbols #43484
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The script used to check for symbols in a password contains a limited set of symbols. This PR updates the script to use the list of special characters provided by [OWASP](https://owasp.org/www-community/password-special-characters). They are the punctuation characters that are present on standard US keyboard.
joomla-cms-bot
added
NPM Resource Changed
Closed
|
I have tested this item ✅ successfully on 388d8e3 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43484. |
1 similar comment
|
I have tested this item ✅ successfully on 388d8e3 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43484. |
|
RTC This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43484. |
|
Please fix javascript cs https://ci.joomla.org/joomla/joomla-cms/76291/1/20 |
|
i will not be at a pc for the foreseeable future - feel free to update it directly |
Quy
reviewed
May 21, 2024
|
Thank you @brianteeman and @Quy ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The script used to check for symbols in a password contains a limited set of symbols.
Pull Request for Issue #41552 .
Summary of Changes
This PR updates the script to ensure that all of the the list of special characters/symbols provided by OWASP are also included. They are the punctuation characters that are present on standard US keyboard.
The entire set of special characters/symbols is now @$!#?=;:*-_€%&()`´+[]{}'"|,.<>/~^
I added the additional comment to the licence so that it is clear that the script has been changed from the original which probably should have been done earlier when the regex was updated to include @
Testing Instructions
This change will require using a prebuilt package or
npm cito testSet the password requirements in the User Options Password Minimum Symbols to 1
Try to create a password containing letters and one or more symbols from this list
+[]{}'"|,.<>/~^
Actual result BEFORE applying this Pull Request
The password will be rejected
Expected result AFTER applying this Pull Request
The password will be accepted
Link to documentations
Please select:
Documentation link for docs.joomla.org:
No documentation changes for docs.joomla.org needed
Pull Request link for manual.joomla.org:
No documentation changes for manual.joomla.org needed