Add regex to password complexity in Sitecore 8 -


the requirement require users have complex passwords requiring minimum length of 8 characters. 1+ non alpha numeric character. 1+ lowercase alpha character. 1+ uppercase alpha character. 1+ number.

i can accomplish adding following web.config

<add name="sql" type="system.web.security.sqlmembershipprovider" connectionstringname="core" applicationname="sitecore" minrequiredpasswordlength="8" minrequirednonalphanumericcharacters="1" requiresquestionandanswer="false" requiresuniqueemail="false" maxinvalidpasswordattempts="5" passwordstrengthregularexpression="(?=.{8,})(?=.*[\d])(?=.*[a-z])(?=.*[a-z]).*" />

passwordstrengthregularexpression validation seems not handled sitecore following unhandled exception when invalid password entered:

 376 15:59:41 error application error. exception: system.web.httpunhandledexception message: exception of type 'system.web.httpunhandledexception' thrown. source: system.web    @ system.web.ui.page.handleerror(exception e)    @ system.web.ui.page.processrequestmain(boolean includestagesbeforeasyncpoint, boolean includestagesafterasyncpoint)    @ system.web.ui.page.processrequest(boolean includestagesbeforeasyncpoint, boolean includestagesafterasyncpoint)    @ system.web.ui.page.processrequest()    @ system.web.ui.page.processrequest(httpcontext context)    @ system.web.httpapplication.callhandlerexecutionstep.system.web.httpapplication.iexecutionstep.execute()    @ system.web.httpapplication.executestep(iexecutionstep step, boolean& completedsynchronously)  nested exception  exception: system.reflection.targetinvocationexception message: exception has been thrown target of invocation. source: mscorlib    @ system.runtimemethodhandle.invokemethod(object target, object[] arguments, signature sig, boolean constructor)    @ system.reflection.runtimemethodinfo.unsafeinvokeinternal(object obj, object[] parameters, object[] arguments)    @ system.reflection.runtimemethodinfo.invoke(object obj, bindingflags invokeattr, binder binder, object[] parameters, cultureinfo culture)    @ sitecore.web.ui.xamlsharp.xaml.xamlcontrol.executeajaxmethod(ajaxmethodeventargs e)    @ sitecore.web.ui.webcontrols.ajaxscriptmanager.dispatchmethod(control control, string parameters)    @ sitecore.nexus.pipelines.nexuspipelineapi.resume(pipelineargs args, pipeline pipeline)    @ sitecore.pipelines.pipeline.start(pipelineargs args, boolean atomic)    @ sitecore.web.ui.webcontrols.continuationmanager.runpipelines()    @ sitecore.web.ui.webcontrols.continuationmanager.onprerender(eventargs e)    @ system.web.ui.control.prerenderrecursiveinternal()    @ system.web.ui.control.prerenderrecursiveinternal()    @ system.web.ui.control.prerenderrecursiveinternal()    @ system.web.ui.control.prerenderrecursiveinternal()    @ system.web.ui.control.prerenderrecursiveinternal()    @ system.web.ui.control.prerenderrecursiveinternal()    @ system.web.ui.control.prerenderrecursiveinternal()    @ system.web.ui.control.prerenderrecursiveinternal()    @ system.web.ui.control.prerenderrecursiveinternal()    @ system.web.ui.control.prerenderrecursiveinternal()    @ system.web.ui.control.prerenderrecursiveinternal()    @ system.web.ui.control.prerenderrecursiveinternal()    @ system.web.ui.control.prerenderrecursiveinternal()    @ system.web.ui.page.processrequestmain(boolean includestagesbeforeasyncpoint, boolean includestagesafterasyncpoint)  nested exception  exception: system.argumentexception message: parameter 'newpassword' not match regular expression specified in config file. source: system.web    @ system.web.security.sqlmembershipprovider.changepassword(string username, string oldpassword, string newpassword)    @ sitecore.data.dataproviders.nullretryer.execute[t](func`1 action, action recover)    @ sitecore.security.sitecoremembershipprovider.changepassword(string username, string oldpassword, string newpassword)    @ sitecore.security.accounts.membershipuserwrapper.changepassword(string oldpassword, string newpassword)    @ sitecore.shell.applications.security.setpassword.setpasswordpage.ok_click()

can accomplished modifying config values or can accomplished patching <loggingin> pipeline?

looking @ code sitecoremembershipprovider there wrapper property passwordstrengthregularexpession , material methods hand off processing underlying provider, in case sqlmembershipprovider. error being generated there, see stack trace.

the exception expected behaviour method according msdn documentation. in application's login/change password/new user forms should validate user's entry against membership.passwordstrengthregularexpression manually ensure complexity requirement met before passing new value sitecore.

it's hard tell question, cover case, or referring error being generated in sitecore change password dialog (haven't tried that)? if that's case raise support ticket, system should gracefully cope situation. notwithstanding documentation eluded nikola (@nsgocev) seems @ least author of sitecore wrapper did implement @ least rudimentary wrappers property.


Comments

Post a Comment

Popular posts from this blog

html - Outlook 2010 Anchor (url/address/link) -

i'm trying link specific pdf page msoutlook'10 or msword'10, #page=... anchor particularly useful , works fine elsewhere. unfortunately when click [ctr-k] in outlook or winword, links re-formatted assuming unc path. pdf file located on shared drive. using "file:" prefix links open pdf in adobe reader (outside of browser), , "http:" open inside browser. issue seem need open in browser "file:" prefix in order anchor work. know anchors work inside browser. outlook uses windows/explorer default program (based on file extension) seems open in adobe reader neglecting anchor. is aware of solution, link specific page or bookmark of shared-pdf ms outlook and/or winword link? common references: mailermailer.com/...anchor-tags-html-emails campaignmonitor.com/...anchor-links-in-email-newsletters/ stackoverflow.com/...anchor-in-pdf-document
Read more

javascript - Why does running this loop 9 times take 100x longer than running it 8 times? -

consider code: test = function() { } t = new test(); (var = 0; < 8; i++) { result = t instanceof test; } if change number of iterations 8 9 , loop take 100 times longer complete in latest version of firefox (41.0.1). tested on 2 different pcs , magic limit 8. here jsperf test used: http://jsperf.com/instanceof-8-times-vs-9-times does have idea why might happen? seems specific instanceof . not happen if else object, example check property. note: filed bugzilla bug this. jan de mooij mozilla team has posted details in bugzilla thread . here's simplistic interpretation of highly technical answers: in i < 8 case, firefox smart enough hoist result = t instanceof test; statement out of loop (according tests, doesn't seem omit altogether). in i < 9 case, apparently doesn't optimization . why? reason not clear, related fact 9 iterations threshold above function considered "hot" enough run through jit compiler. i < 8 cas...
Read more

Getting gateway time-out Rails app with Nginx + Puma running on Digital Ocean -

following this guide setup app on digital ocean droplet, not working. site not loading , it's throwing: "gateway time-out". the puma server works, since ps aux | grep puma prints: root 15878 0.0 0.4 376832 2168 ? sl 12:50 0:00 puma 2.13.4 (unix:///var/www/myapp/shared/tmp/sockets/myapp-puma.sock) [20150930164940] root 15881 0.0 0.7 903676 3692 ? sl 12:50 0:06 puma: cluster worker 0: 15878 [20150930164940] root 24654 0.0 0.1 11748 916 pts/2 s+ 18:00 0:00 grep --color=auto puma my nginx config: user root; worker_processes 1; events { worker_connections 1024; } http { upstream puma { server unix:///var/www/myapp/shared/tmp/sockets/myapp-puma.sock; } server { listen 80; server_name myapp.com; root /var/www/myapp/current/public; access_log /var/www/myapp/current/log/access.log; error_log /...
Read more