From a31bb4bf6198fa6abaa918edd9368a7fb43f75b7 Mon Sep 17 00:00:00 2001
From: Mykhaylo
Date: Fri, 16 Sep 2022 12:19:06 +0200
Subject: [PATCH] [CST-6108] implemented community feedbacks
---
 .../src/main/resources/Messages.properties | 3 +--
 .../authorize/RegexPasswordValidatorTest.java | 23 +++++++++++++++----
 .../modules/authentication-password.cfg | 10 ++++----
 3 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/dspace-api/src/main/resources/Messages.properties b/dspace-api/src/main/resources/Messages.properties
index 75f46a2f67..7293a23ff0 100644
--- a/dspace-api/src/main/resources/Messages.properties
+++ b/dspace-api/src/main/resources/Messages.properties
@@ -120,5 +120,4 @@ org.dspace.app.rest.exception.RESTEmptyWorkflowGroupException.message = Refused
 org.dspace.app.rest.exception.EPersonNameNotProvidedException.message = The eperson.firstname and eperson.lastname values need to be filled in
 org.dspace.app.rest.exception.GroupNameNotProvidedException.message = Cannot create group, no group name is provided
 org.dspace.app.rest.exception.GroupHasPendingWorkflowTasksException.message = Cannot delete group, the associated workflow role still has pending tasks
-org.dspace.app.rest.exception.PasswordNotValidException.message = New password is invalid. Valid passwords must be between 8-15 characters long and must \
- include a minimum of: one uppercase letter, one lowercase letter, one number, and one special character (!?$@#$%^&+=).
+org.dspace.app.rest.exception.PasswordNotValidException.message = New password is invalid. Valid passwords must have at least 8 characters long!
diff --git a/dspace-api/src/test/java/org/dspace/authorize/RegexPasswordValidatorTest.java b/dspace-api/src/test/java/org/dspace/authorize/RegexPasswordValidatorTest.java
index 9988aaf80b..df333fa500 100644
--- a/dspace-api/src/test/java/org/dspace/authorize/RegexPasswordValidatorTest.java
+++ b/dspace-api/src/test/java/org/dspace/authorize/RegexPasswordValidatorTest.java
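Review bot: The new `org.dspace.app.rest.exception.PasswordNotValidException.message` text in Messages.properties reads "must have at least 8 characters long!", which mixes two phrasings and is shown to every user whose password is rejected. I would write it as `New password is invalid. Valid passwords must be at least 8 characters long.` The wording is tied to the shipped default pattern, so it stays accurate only while `authentication-password.regex-validation.pattern` is left unchanged, as the configuration comment in this commit already points out.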
@@ -9,21 +9,36 @@ package org.dspace.authorize;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.is;
+import static org.mockito.Mockito.when;
 import org.dspace.AbstractIntegrationTest;
-import org.dspace.authorize.service.PasswordValidatorService;
-import org.dspace.passwordvalidation.factory.PasswordValidationFactory;
+import org.dspace.services.ConfigurationService;
+import org.junit.Before;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
 /**
 * Unit tests for {@link RegexPasswordValidator}.
 *
 * @author Luca Giamminonni (luca.giamminonni at 4science.it)
 */
+@RunWith(MockitoJUnitRunner.class)
 public class RegexPasswordValidatorTest extends AbstractIntegrationTest {
- private PasswordValidatorService regexPasswordValidator = PasswordValidationFactory.getInstance()
- .getPasswordValidationService();
+ @Mock
+ private ConfigurationService configurationService;
+
+ @InjectMocks
+ private RegexPasswordValidator regexPasswordValidator;
+
+ @Before
+ public void setup() {
+ when(configurationService.getProperty("authentication-password.regex-validation.pattern"))
+ .thenReturn("^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[^\\da-zA-Z]).{8,15}$");
+ }
 @Test
 public void testValidPassword() {
diff --git a/dspace/config/modules/authentication-password.cfg b/dspace/config/modules/authentication-password.cfg
index 6c73bfb9dd..078da7f8d1 100644
--- a/dspace/config/modules/authentication-password.cfg
+++ b/dspace/config/modules/authentication-password.cfg
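Review bot: The pattern stubbed in `setup()` is neither the old nor the new shipped default, so as far as this hunk shows nothing exercises `^.{8\,}$` as it is actually read from authentication-password.cfg, including the escaped comma that the configuration comment says the Apache library needs. With `ConfigurationService` mocked, a regression in how the real property is parsed would go unnoticed; I would keep one test on the real configuration, or at least add a case stubbing `.thenReturn("^.{8,}$")` that asserts a 7-character password is rejected and an 8-character one is accepted. The class also still `extends AbstractIntegrationTest` while running under `MockitoJUnitRunner`, which looks unnecessary for a pure unit test and is worth dropping if nothing else in the class needs it. `testValidPassword()` continues outside the hunk.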
@@ -31,10 +31,10 @@
 # (by default is enabled, to disable, either comment out this configuration or set it to an empty value)
 # This regular expression is used to validate password during creation of EPerson
 # or during the patch of password.
-# NOTE: when you configure a custom regex, you have to update the rules on angular's i18n end,
-# variable: "profile.security.form.notifications.error.robust-password".
+# NOTE: when you configure a custom regex, you will also need to update the text of
+# "org.dspace.app.rest.exception.PasswordNotValidException.message" in Messages.properties to describe the minimum requirements.
 #
-# The following regex applies subsequent rules:
+# The following regex applies subsequent rules: ^(?=.*?[a-z])(?=.*?[A-Z])(?=\\S*?[0-9])(?=\\S*?[!?$@#$%^&+=]).{8\,15}$
 # 1) (?=.*?[a-z]) - the password must contain at least one lowercase character
 # 2) (?=.*?[A-Z]) - the password must contain at least one uppercase character
 # 3) (?=\\S*?[0-9]) - the password must contain at least one numeric character
@@ -42,6 +42,8 @@
 # 5) {8\,15} - the password must be at least 8 and at most 15 characters long
 # REMARK: {8\,15} - the slash in this regex is an exception of the Apache library, as "," is a special character,
 # consequently to interpret it correctly you have to add the slash in front
-authentication-password.regex-validation.pattern = ^(?=.*?[a-z])(?=.*?[A-Z])(?=\\S*?[0-9])(?=\\S*?[!?$@#$%^&+=]).{8\,15}$
+# By default, DSpace just requires a password of 8 or more characters.
+# However, we recommend most sites consider either increasing the required length or complexity (see example above)
+authentication-password.regex-validation.pattern = ^.{8\,}$
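Review bot: The added recommendation "(see example above)" in the second hunk sends admins to an example regex that still ends in `{8\,15}`, so a site that copies it to add complexity also caps passwords at 15 characters and rejects longer passphrases. I would give the example an open upper bound, the same lookaheads followed by `.{8\,}$`, or state in the comment that the 15-character maximum is only illustrative. The new default `^.{8\,}$` checks length alone, so eight identical characters or eight spaces are accepted; a line such as `# NOTE: the default only enforces length; it does not reject repeated or commonly used passwords.` would make that limit visible to whoever tunes this file.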