* Update validation regex for symbol requirement Fixes #114544 frontend: accept underscore as valid symbol in password validation * test: add underscore symbol test for strong password policy * chore(changelog): add changelog for #114571 * Delete changelog/114571.md * fix: correct indentation in password test * chore(workflows): skip OIDC steps for fork PRs * chore(workflows): pass fork status to reusable workflow * revert: remove workflow changes for fork detection * revert: remove fork status parameter from workflow caller * Fix formatting issues in PR patch check workflow --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
package user
import (
"testing"
"github.com/grafana/grafana/pkg/setting"
"github.com/stretchr/testify/assert"
)
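// TestPasswowrdService_ValidatePasswordHardcodePolicy is a table-driven test of
// ValidatePassword under both values of cfg.BasicAuthStrongPasswordPolicy.
//
// With the policy disabled, the table asserts that a 3-character password is
// rejected as too short and a 4-character password is accepted. With the
// policy enabled, it asserts that a 3-character password is rejected as too
// short, that a password missing any one of the four character classes
// (lowercase, uppercase, digit, symbol) is rejected, that a password holding
// all four is accepted whatever order the classes appear in, and that "_"
// counts as a symbol.
//
// Each case runs as its own subtest so that a failure names the policy rule
// that regressed.
//
// NOTE(review): the identifier keeps its original spelling ("Passwowrd") so
// that any -run filter or CI reference to this test keeps working.
//
// NOTE(review): only a 3-character input exercises the strong-policy length
// check, and the only symbols covered are "!@#$%" and "_". Cases at the exact
// length boundary and for other punctuation would pin the policy more tightly;
// confirm the expected results against ValidatePassword before adding them.
func TestPasswowrdService_ValidatePasswordHardcodePolicy(t *testing.T) {
	// One building block per character class; cases concatenate them to leave
	// a class out or to change the order in which the classes appear.
	const (
		lower   = "lowercase"
		upper   = "UPPERCASE"
		digits  = "123"
		symbols = "!@#$%"
	)

	testCases := []struct {
		expectedError               error
		name                        string
		passwordTest                string
		strongPasswordPolicyEnabled bool
	}{
		{
			name:                        "should return error when the password has less than 4 characters and strong password policy is disabled",
			passwordTest:                digits,
			expectedError:               ErrPasswordTooShort.Errorf("new password is too short"),
			strongPasswordPolicyEnabled: false,
		},
		{
			name:                        "should not return error when the password has 4 characters and strong password policy is disabled",
			passwordTest:                "test",
			expectedError:               nil,
			strongPasswordPolicyEnabled: false,
		},
		{
			name:                        "should return error when the password has less than 12 characters and strong password policy is enabled",
			passwordTest:                digits,
			expectedError:               ErrPasswordPolicyInfringe.Errorf("new password is too short for the strong password policy"),
			strongPasswordPolicyEnabled: true,
		},
		{
			name:                        "should return error when the password is missing an uppercase character and strong password policy is enabled",
			passwordTest:                lower + digits + symbols,
			expectedError:               ErrPasswordPolicyInfringe.Errorf("new password doesn't comply with the password policy"),
			strongPasswordPolicyEnabled: true,
		},
		{
			name:                        "should return error when the password is missing a lowercase character and strong password policy is enabled",
			passwordTest:                upper + digits + symbols,
			expectedError:               ErrPasswordPolicyInfringe.Errorf("new password doesn't comply with the password policy"),
			strongPasswordPolicyEnabled: true,
		},
		{
			name:                        "should return error when the password is missing a number character and strong password policy is enabled",
			passwordTest:                lower + upper + symbols,
			expectedError:               ErrPasswordPolicyInfringe.Errorf("new password doesn't comply with the password policy"),
			strongPasswordPolicyEnabled: true,
		},
		{
			name:                        "should return error when the password is missing a symbol characters and strong password policy is enabled",
			passwordTest:                lower + upper + digits,
			expectedError:               ErrPasswordPolicyInfringe.Errorf("new password doesn't comply with the password policy"),
			strongPasswordPolicyEnabled: true,
		},
		{
			name:                        "should not return error when the password has lowercase, uppercase, number and symbol and strong password policy is enabled",
			passwordTest:                lower + upper + digits + symbols,
			expectedError:               nil,
			strongPasswordPolicyEnabled: true,
		},
		{
			name:                        "should not return error when the password has uppercase, number, symbol and lowercase and strong password policy is enabled",
			passwordTest:                upper + digits + symbols + lower,
			expectedError:               nil,
			strongPasswordPolicyEnabled: true,
		},
		{
			name:                        "should not return error when the password has number, symbol, lowercase and uppercase and strong password policy is enabled",
			passwordTest:                digits + symbols + lower + upper,
			expectedError:               nil,
			strongPasswordPolicyEnabled: true,
		},
		{
			name:                        "should not return error when the password has symbol, lowercase, uppercase and number and strong password policy is enabled",
			passwordTest:                symbols + lower + upper + digits,
			expectedError:               nil,
			strongPasswordPolicyEnabled: true,
		},
		{
			// Underscore is the only symbol in this password, so the case
			// fails if the symbol check stops recognising it.
			name:                        "should accept underscore as a valid symbol when strong password policy is enabled",
			passwordTest:                lower + upper + digits + "_",
			expectedError:               nil,
			strongPasswordPolicyEnabled: true,
		},
	}

	for _, tc := range testCases {
		// The original loop never read tc.name, so a failing assertion did not
		// say which case broke; a subtest puts the name in the failure output.
		t.Run(tc.name, func(t *testing.T) {
			// A fresh Cfg per case keeps the policy flag from leaking between cases.
			cfg := setting.NewCfg()
			cfg.BasicAuthStrongPasswordPolicy = tc.strongPasswordPolicyEnabled

			err := ValidatePassword(tc.passwordTest, cfg)
			assert.Equal(t, tc.expectedError, err)
		})
	}
}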