Addendum to LPD-157

Jan Tošovský, modified 1 Year ago.

Addendum to LPD-157

Liferay Master Posts: 576 Join Date: 7/22/10 Recent Posts

I want to stress that RegExpToolkit has just regex check in his validate() method:

boolean value = password1.matches(_pattern);

So even if I implemented a custom words dictionary, it would be ignored anyway.

I would be grateful to reuse and adapt this logic from the PasswordPolicyToolkit:

if (!passwordPolicy.isAllowDictionaryWords() &&
   WordsUtil.isDictionaryWord(password1)) {

      throw new UserPasswordException.MustNotContainDictionaryWords(
         userId, WordsUtil.getDictionaryList());
}

 

thumbnail
Zsigmond Rab, modified 1 Year ago.

RE: Addendum to LPD-157

Liferay Master Posts: 764 Join Date: 1/5/10 Recent Posts

I added this to the request: https://liferay.atlassian.net/browse/LPD-157?focusedCommentId=2593947

We're going to review this again.

Thanks,
Zsigmond

thumbnail
Zsigmond Rab, modified 1 Year ago.

RE: RE: Addendum to LPD-157

Liferay Master Posts: 764 Join Date: 1/5/10 Recent Posts

Hi Jan,

Couldn't that be done with implementing a new toolkit rather?

Regards,
Zsigmond

Jan Tošovský, modified 1 Year ago.

RE: RE: Addendum to LPD-157

Liferay Master Posts: 576 Join Date: 7/22/10 Recent Posts

Thanks for the hint. I thought this is somehow hardcoded because for each toolkit there are additional properties in the portal.properties. It would be nice to have a blog post with a generic example.

My main idea here was to slightly modify the existing Regex toolkit to make it more versatile.

thumbnail
Zsigmond Rab, modified 1 Year ago.

RE: RE: Addendum to LPD-157

Liferay Master Posts: 764 Join Date: 1/5/10 Recent Posts

I see. However, I think the existing toolkits have their own design and purpose. If we want to have a word list based check also, it may be better to separate its logic according to its goal. I would go for that rather than modifying the existing toolkits.

What would you like to see being covered by a blog post exactly?

Regards,
Zsigmond

Jan Tošovský, modified 1 Year ago.

RE: RE: Addendum to LPD-157

Liferay Master Posts: 576 Join Date: 7/22/10 Recent Posts

I agree that word check logic could be separated into a dedicated layer.

Looking into the code I can see all this is less complex than I thought originally.

1. I was unsure how to integrate the custom password toolkit, but it seems this settings does the job (not tested yet):

passwords.toolkit=my.company.CustomToolkit

2. I thought the autogenerated passwords follow the toolkit rules, but I can see the generator only combines alphanumeric chars and stops after reaching the required length.

So I'll try to implement CustomToolkit instead, like you propose.

Community
Company
Feedback