Rule for limiting number sequences

[Brian Silverstein]

Hi there!

My team & I have been using passay in developing a password validator for our JavaEE based web app, and it's been excellent so far. There is one pesky requirement we have, though, where user passwords cannot include a sequence of more than 4 digits in a row.

If it were as easy as no repeating digits in a row, we'd employ the nifty RepeatCharacterRegexRule -- but we want to be able to block passwords such as "foobar90210", "90210foobar", and "foo90210bar" with a rule catching the sequence of more than 4 digits anywhere in the password while still allowing, for example, "foo902bar" etc.

We considered using the NumberRangeRule; though unsure it'd work with leading 0's e.g. "foobar00210" effectively being "foobar210".

Then there is also the IllegalSequenceRule as well as the IllegalRegexRule, but we are unsure how these could be used to limit the amount of digits in a row a password has without predefining so many different number sequences.

If you folks have any ideas on how to use your library for this, please let me know!

Best,

Brian

[Daniel Fisher]

Unless I'm misunderstanding, I believe new IllegalRegexRule("\\d\\d\\d\\d\\d") is what you want.

The unit test has some very similar test cases:

https://github.com/vt-middleware/passay/blob/master/src/test/java/org/passay/IllegalRegexRuleTest.java

--Daniel Fisher

--
You received this message because you are subscribed to the Google Groups "passay" group.
To unsubscribe from this group and stop receiving emails from it, send an email to passay+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.