Univention Bugzilla – Bug 55529
notification about password complexity
Last modified: 2023-05-18 09:31:13 CEST
UCRV: umc/login/password-complexity-message/* Specifies a localized text for password complexity notes used on changing the password (e.g: umc/login/password-complexity-message/en='The password must contain at least 3 special chars, at least 20 characters long and consists of at least 5 different characters.') The setting of the variable leads not to the expected behavior of displaying the text in all relevant services (eg. the self-service). We should add the text on all needed places and maybe display it not only on failing password-change but also before trying to set a new one.
In the documentation add a hint that for consistent domain wide behavior the variable should be set via a UCR policy.
univention-self-service.yaml 49321ea251e8 | Bug #55529: univention-self-service 5.0.6-3A~5.0.0.202303211211 9acf4d513733 | Bug #55529: univention-self-service Advisory + changelog univention-self-service (5.0.6-3) 9acf4d513733 | Bug #55529: univention-self-service Advisory + changelog univention-self-service (5.0.6-2) 6107b45d6e76 | Bug #55529: add umc/login/password-complexity-message/* to password reset error message and create new acount univention-management-console.yaml 80a9235a82b3 | Bug #55529: univention-management-console 12.0.17-8A~5.0.0.202303211206 3b351ef30182 | Bug #55529: univention-management-console Advisory + changelog univention-management-console (12.0.17-8) 3b351ef30182 | Bug #55529: univention-management-console Advisory + changelog univention-management-console (12.0.17-7) 7db025cc2331 | Bug #55529: add umc/login/password-complexity-message/* to password change error message ucs-test (10.0.10-32) 410ce56d6440 | Bug #55529: ucs-test changelog ucs-test (10.0.10-31) de6521cb93d9 | Bug #55529: Add new ucs-test to check the password complexity message
OK: self-service account registration OK: self-service password-reset/forgotten OK: UMC login dialog: expired password OK: UMC login dialog: password does not meet complexity OK: UMC password change dialog OK: Portal password change dialog OK: YAML
Tests failed tonight: https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-3/job/AutotestJoin/lastCompletedBuild/SambaVersion=s4,Systemrolle=master-part-II/testReport/83_self_service/09_check_password_complexity_message/test_expired_user_login_returns_password_complexity_message_Passwort_muss_mindestens_3_Gro_xdfbuchstaben_enthalten_de_DE_/ Traceback (most recent call last): File "/usr/share/ucs-test/83_self_service/09_check_password_complexity_message.py", line 75, in test_expired_user_login_returns_password_complexity_message umc_client.umc_auth(user.username, user.password, new_password="U1n2i3v4e5n6t7i8o9n0@#") File "/usr/lib/python3/dist-packages/_pytest/python_api.py", line 714, in __exit__ fail(self.message) File "/usr/lib/python3/dist-packages/_pytest/outcomes.py", line 113, in fail raise Failed(msg=msg, pytrace=pytrace) Failed: DID NOT RAISE <class 'Exception'> https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-3/job/AutotestJoin/lastCompletedBuild/SambaVersion=s4,Systemrolle=master-part-II/testReport/83_self_service/09_check_password_complexity_message/test_expired_user_login_returns_password_complexity_message_Password_must_contain_at_least_3_upper_case_letters_en_US_/ Traceback (most recent call last): File "/usr/share/ucs-test/83_self_service/09_check_password_complexity_message.py", line 75, in test_expired_user_login_returns_password_complexity_message umc_client.umc_auth(user.username, user.password, new_password="U1n2i3v4e5n6t7i8o9n0@#") File "/usr/lib/python3/dist-packages/_pytest/python_api.py", line 714, in __exit__ fail(self.message) File "/usr/lib/python3/dist-packages/_pytest/outcomes.py", line 113, in fail raise Failed(msg=msg, pytrace=pytrace) Failed: DID NOT RAISE <class 'Exception'>
Also tracebacks: https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-3/job/AutotestJoin/lastCompletedBuild/SambaVersion=no-samba,Systemrolle=master-part-II/testReport/99_end/01_var_log_tracebacks/test_var_log_tracebacks/ 2 times in /var/log/univention/management-console-module-passwordreset.log: https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-3/job/AutotestJoin/SambaVersion=no-samba,Systemrolle=master-part-II/ws/test/management-console-module-passwordreset.log Traceback (most recent call last): File "/usr/lib/python3/dist-packages/univention/password.py", line 177, in check if cracklib.VeryFascistCheck(password) == password: File "/usr/lib/python3/dist-packages/cracklib.py", line 216, in VeryFascistCheck raise ValueError("is too simple") ValueError: is too simple 2 times in /var/log/univention/management-console-module-passwordreset.log: https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-3/job/AutotestJoin/SambaVersion=no-samba,Systemrolle=master-part-II/ws/test/management-console-module-passwordreset.log Traceback (most recent call last): File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1659, in _check_password_complexity pwdCheck.check(self['password'], username=self['username'], displayname=self['displayName']) File "/usr/lib/python3/dist-packages/univention/password.py", line 180, in check raise CheckFailed(str(exc)) univention.password.CheckFailed: is too simple 2 times in /var/log/univention/management-console-module-passwordreset.log: https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-3/job/AutotestJoin/SambaVersion=no-samba,Systemrolle=master-part-II/ws/test/management-console-module-passwordreset.log Traceback (most recent call last): File "/usr/lib/python3/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 677, in create_self_registered_account new_user.create() File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 557, in create dn = self._create(response=response, serverctrls=serverctrls) File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1268, in _create al.extend(self._ldap_modlist()) File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1562, in _ldap_modlist self._check_password_complexity(pwhistoryPolicy) File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1661, in _check_password_complexity raise univention.admin.uexceptions.pwQuality(str(exc)) univention.admin.uexceptions.pwQuality: Password policy error: is too simple. univention.admin.uexceptions.pwQuality: Fehler in der Passwort-Richtlinie: is too simple.
ucs-test (10.0.10-34) d0f9f624a894 | Bug #55529: fix ucs-test-self-service and create a new one to check password complexity message on password change
OK: test case fixed (different password complexity settings for Samba were necessary) OK: no tracebacks in the log occur anymore
<https://errata.software-univention.de/#/?erratum=5.0x627> <https://errata.software-univention.de/#/?erratum=5.0x631>
ucs-test (10.0.10-63) 704972abe91f | Bug #55529: Fix ucs-test to check the password complexity message