passay icon indicating copy to clipboard operation
passay copied to clipboard
verified publisher icon vt-middleware

Create IllegalFirstCharacterRule and AllowedFirstCharacterRule

Open patimen opened this issue 2 years ago • 11 comments

For instance: IllegalFirstCharacterRule(EnglishCharacterData.Digit) - Password cannot start with a digit. AllowedFirstCharacterRule(EnglishCharacterData.Alphabetical) - Password must start with a letter.

I know something very similar can be achieved using AllowedCharacterRule and IllegalCharacterRule, but the error message in that case is less helpful ("Password starts with illegal character 's'.) to end users, and you have to specify the entire set of characters instead of using CharacterData.

This seems like a fairly common requirement for passwords.

patimen avatar Sep 27 '23 21:09 patimen

I'd be more than happy to implement this if you'd like.

patimen avatar Sep 27 '23 21:09 patimen

I believe to do this with the current API you would use:

IllegalCharacterRule(EnglishCharacterData.Digit.getCharacters().toCharArray(), MatchBehavior.StartsWith)

I can see adding a convenience constructor arg so we accept CharacterData.

I don't follow your comment about the error messaging. You can set

ILLEGAL_CHAR.STARTS_WITH=My custom message about the character '%1$s'.

to make the messaging whatever you want. What functionality are you looking for there?

dfish3r avatar Sep 27 '23 22:09 dfish3r

I did try this approach, but the message has no way saying what's EXPECTED, only that the provided character is invalid. No matter what text you put in there (unless maybe we add some parameter to the IllegalCharacterRule output), you can't have it say something like : Password must begin with a letter.

patimen avatar Sep 27 '23 22:09 patimen

It's also a lot easier to find and document separately, it took me a while to figure out IllegalCharacterRule had MatchBehavior.

patimen avatar Sep 27 '23 22:09 patimen

I did try this approach, but the message has no way saying what's EXPECTED, only that the provided character is invalid. No matter what text you put in there (unless maybe we add some parameter to the IllegalCharacterRule output), you can't have it say something like : Password must begin with a letter.

I guess I would expect the messaging (positive or negative) to follow the type of rule:

AllowedCharacterRule(EnglishCharacterData.Alphabetical.getCharacters().toCharArray(), MatchBehavior.StartsWith)
ALLOWED_CHAR.STARTS_WITH=Password must begin with a letter.

IllegalCharacterRule(EnglishCharacterData.Digit.getCharacters().toCharArray(), MatchBehavior.StartsWith)
ILLEGAL_CHAR.STARTS_WITH=Password cannot begin with a digit.

You don't have to use the result metadata in your messaging.

dfish3r avatar Sep 29 '23 01:09 dfish3r

I guess that would get the result, but it seems hacky and fragile. I've worked around this personally by creating a custom Rule class, more or less as I described. I'm just saying it would make sense to give first class to this scenario in the library.

patimen avatar Sep 29 '23 01:09 patimen

Ok, I'll buy that this makes sense as a first class feature. Feel free to submit a PR.

dfish3r avatar Sep 29 '23 18:09 dfish3r

@dfish3r If the issue isn't resolved yet, can I edit the code and post a PR?

wleo04 avatar Dec 04 '23 09:12 wleo04

@patimen Did you have a PR you wanted to submit?

dfish3r avatar Dec 04 '23 12:12 dfish3r

@dfish3r If the issue isn't resolved yet, can I edit the code and post a PR?

Yes go ahead, there was no response from the reporter.

dfish3r avatar Dec 19 '23 18:12 dfish3r

@dfish3r Okay, I'll fix it and ask for PR

wleo04 avatar Dec 20 '23 05:12 wleo04