OpenDJ / OPENDJ-7670

History info in password quality criteria even if not configured

    Details

      Description

      With the fix for OPENDJ-7645, history information is included in the passing criteria, even if password history isn't explicitly configured in the password policy.

      Running through https://ea.forgerock.com/docs/ds/rest-guide/action-rest.html#rest-action-password-quality-check (but using Babs's original password, since I jumped right there) I get this result:

      $ curl \
          --request POST \
          --cacert ca-cert.pem \
          --user bjensen:hifalutin \
          --header "Content-Type: application/json" \
          --data '{"oldPassword": "hifalutin", "newPassword": "passwd"}' \
          --silent \
          "https://localhost:8443/api/users/bjensen?_action=modifyPassword&dryRun=true&passwordQualityAdvice=true&_prettyPrint=true"
      {
        "code" : 400,
        "reason" : "Bad Request",
        "message" : "Constraint Violation: The provided new password failed the validation checks defined in the server: The provided password is shorter than the minimum required length of 8 characters",
        "detail" : {
          "passwordQualityAdvice" : {
            "passingCriteria" : [ {
              "type" : "history",
              "parameters" : {
                "history-count" : 2147483647,
                "history-duration-seconds" : 0
              }
            } ],
            "failingCriteria" : [ {
              "type" : "length-based",
              "parameters" : {
                "max-password-length" : 0,
                "min-password-length" : 8
              }
            } ]
          }
        }
      }
      

      Notice the values related to the password history configuration.
      The password policy shown in that example doesn't mention history:

      dn: cn=Minimum length policy,dc=example,dc=com
      objectClass: top
      objectClass: subentry
      objectClass: ds-pwp-password-policy
      objectClass: ds-pwp-validator
      objectClass: ds-pwp-length-based-validator
      cn: Minimum length policy
      ds-pwp-password-attribute: userPassword
      ds-pwp-default-password-storage-scheme: PBKDF2-HMAC-SHA512
      ds-pwp-length-based-min-password-length: 8
      subtreeSpecification: {base "ou=people", specificationFilter "(uid=bjensen)"}
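
A regression check for the behaviour reported above, as an added example that is not part of the original ticket or the OpenDJ code base: it compares the criteria in a `passwordQualityAdvice` response with what the subentry policy configures and reports the ones with no backing configuration. The `CONFIGURED_BY` mapping, including the history attribute names `ds-pwp-password-history-count` and `ds-pwp-password-history-duration`, is an assumption; the sample inputs are constructed from the ticket text.

```python
import json

# Constructed from the ticket: the advice part of the dry-run response.
RESPONSE = json.loads("""
{"detail": {"passwordQualityAdvice": {
  "passingCriteria": [{"type": "history", "parameters":
    {"history-count": 2147483647, "history-duration-seconds": 0}}],
  "failingCriteria": [{"type": "length-based", "parameters":
    {"max-password-length": 0, "min-password-length": 8}}]}}}
""")

# Constructed from the ticket: the subentry password policy as LDIF.
POLICY_LDIF = """\
dn: cn=Minimum length policy,dc=example,dc=com
objectClass: top
objectClass: subentry
objectClass: ds-pwp-password-policy
objectClass: ds-pwp-validator
objectClass: ds-pwp-length-based-validator
cn: Minimum length policy
ds-pwp-password-attribute: userPassword
ds-pwp-default-password-storage-scheme: PBKDF2-HMAC-SHA512
ds-pwp-length-based-min-password-length: 8
subtreeSpecification: {base "ou=people", specificationFilter "(uid=bjensen)"}
"""

# Assumption: which policy content counts as "configuring" each advice type.
# The history attribute names are assumed, not taken from the ticket.
CONFIGURED_BY = {
    "length-based": lambda e: "ds-pwp-length-based-validator" in e.get("objectclass", []),
    "history": lambda e: "ds-pwp-password-history-count" in e
    or "ds-pwp-password-history-duration" in e,
}

def parse_ldif_entry(text):
    """Parse one unfolded, non-base64 LDIF entry into {attr: [values]}."""
    entry = {}
    for line in filter(None, text.splitlines()):
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def unconfigured_criteria(response, entry):
    """Return (bucket, type) for advice criteria the policy does not configure."""
    advice = response["detail"]["passwordQualityAdvice"]
    return [
        (bucket, crit["type"])
        for bucket in ("passingCriteria", "failingCriteria")
        for crit in advice.get(bucket, [])
        # Types with no known mapping are reported too, so they get reviewed.
        if not CONFIGURED_BY.get(crit["type"], lambda e: False)(entry)
    ]
```
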
      

              People

              cforel carole forel
              Mark Mark Craig
              Jean-Noël Rouvignac Jean-Noël Rouvignac
              carole forel carole forel