Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Identity Users 'Set Password' action's 'Generate Random Password' button does not obey Password complexity settings #16852

Closed
1 task done
mkincyan opened this issue Jun 15, 2023 · 6 comments
Closed
1 task done

Identity Users 'Set Password' action's 'Generate Random Password' button does not obey Password complexity settings #16852

mkincyan opened this issue Jun 15, 2023 · 6 comments
Assignees
@maliming
Milestone
7.4-final

Comments

@mkincyan
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Description

As a user
I want the randomly generated password used when setting the password of a user to obey the password complexity settings defined relating to that user
So that I'm given a valid password that I can use.

Reproduction Steps

Steps to reproduce:

Reproducible on ABP commercial demo on 15/6/23

  • Login as host admin
  • Navigate to Administration -> Identity Management -> Users
  • Go to Actions -> Set Password
  • Click the 'Generate Random Password' button
  • Click 'Save'

image
image

Expected behavior

The randomly generated password is such that it is valid to be used.

Actual behavior

Validation error below the password to say 'This field must be a string or array type with a minimum length of 12.'

Regression?

No response

Known Workarounds

No response

Version

7.3.0.0

User Interface

Angular

Database Provider

EF Core (Default)

Tiered or separate authentication server

None (Default)

Operation System

Windows (Default)

Other information

No response
@mkincyan mkincyan added the bug label Jun 15, 2023
@hitaspdotnet
Copy link
Contributor

hitaspdotnet commented Jun 27, 2023
edited

change the src/Volo.Abp.Identity.Pro.Web/Pages/Identity/Users/setPassword.js:

generateRandomPasswordButton.click(function () {
                var requiredLength = abp.setting.getInt('Abp.Identity.Password.RequiredLength') ?? 8;
                var requiredUniqueChars = abp.setting.getInt('Abp.Identity.Password.RequiredUniqueChars') ?? 1;

                var password = '';
                password += pickLetters(specials, requiredUniqueChars);
                password += pickLetters(lowercase, 1);
                password += pickLetters(uppercase, 1);
                password += pickLetters(numbers, 1);
                password += pickLetters(all, requiredLength - requiredUniqueChars, requiredLength);
                password = shuffleString(password);

                $newPasswordInput.val(password);
                $newPasswordInput.attr("type", "text");

                let icon = $(this).find("i");
                if (icon) {
                    passwordVisibilityButton.find("i").removeClass("fa-eye-slash").addClass("fa-eye");
                }
            });

@hitaspdotnet
Copy link
Contributor

image
image

@mkincyan
Copy link
Author

We can try that.
Are you planning on making the change to the framework since it seems like it is the expected behaviour? Thanks.

@mkincyan
Copy link
Author

Hi. Just wanted to get a nudge on this. It feels like this behaviour should be baked into the framework. Is this going to be added? Cheers.

@maliming
Copy link
Member

hi @mkincyan

I will check this. : )

@maliming maliming self-assigned this Aug 15, 2023
@maliming maliming removed the bug label Aug 15, 2023
@maliming maliming modified the milestones: 8.0-preview, 7.4-final Aug 15, 2023
@maliming
Copy link
Member

This will be fixed on 7.4.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@maliming maliming

Labels
None yet
Projects
None yet
Milestone
7.4-final
Development

No branches or pull requests
3 participants
@maliming @hitaspdotnet @mkincyan