issue #701 - random pw generator not honoring min length policy value - fix for v2_0 branch

Author: jrivard

build/checkstyle-import.xml

@@ -58,6 +58,7 @@
     <allow pkg="org.apache.log4j"/>
 
     <!-- testing -->
+    <allow pkg="org.assertj.core.api"/>
     <allow pkg="org.junit"/>
     <allow pkg="org.mockito"/>
     <allow pkg="com.github.tomakehurst.wiremock"/>

server/src/main/java/password/pwm/AppProperty.java

@@ -279,6 +279,8 @@ public enum AppProperty
     PASSWORD_RANDOMGEN_MAX_ATTEMPTS                 ( "password.randomGenerator.maxAttempts" ),
     PASSWORD_RANDOMGEN_MAX_LENGTH                   ( "password.randomGenerator.maxLength" ),
     PASSWORD_RANDOMGEN_JITTER_COUNT                 ( "password.randomGenerator.jitter.count" ),
+    PASSWORD_RANDOMGEN_MIN_LENGTH                   ( "password.randomGenerator.minLength" ),
+    PASSWORD_RANDOMGEN_DEFAULT_STRENGTH             ( "password.randomGenerator.defaultStrength" ),
 
     /* Strength thresholds, introduced by the addition of the zxcvbn strength meter library (since it has 5 levels) */
     PASSWORD_STRENGTH_THRESHOLD_VERY_STRONG         ( "password.strength.threshold.veryStrong" ),

server/src/main/java/password/pwm/config/profile/PwmPasswordPolicy.java

@@ -45,6 +45,7 @@
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
+import java.util.TreeMap;
 import java.util.TreeSet;
 import java.util.regex.Pattern;
 
@@ -133,7 +134,7 @@ private PwmPasswordPolicy(
             final PolicyMetaData policyMetaData
     )
     {
-        final Map<String, String> effectivePolicyMap = new HashMap<>();
+        final Map<String, String> effectivePolicyMap = new TreeMap<>();
         if ( policyMap != null )
         {
             effectivePolicyMap.putAll( policyMap );

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServlet.java

@@ -1333,12 +1333,10 @@ private ProcessStatus processRandomPasswordAction( final PwmRequest pwmRequest )
                 chaiUser.getChaiProvider()
         );
 
-        final RandomPasswordGenerator.RandomGeneratorConfig.RandomGeneratorConfigBuilder randomConfigBuilder
-                = RandomPasswordGenerator.RandomGeneratorConfig.builder();
+        final RandomPasswordGenerator.RandomGeneratorConfig randomConfig = RandomPasswordGenerator.RandomGeneratorConfig.fromPolicy(
+                pwmRequest.getConfig(),
+                userInfo.getPasswordPolicy() );
 
-        randomConfigBuilder.passwordPolicy( userInfo.getPasswordPolicy() );
-
-        final RandomPasswordGenerator.RandomGeneratorConfig randomConfig = randomConfigBuilder.build();
         final PasswordData randomPassword = RandomPasswordGenerator.createRandomPassword( pwmRequest.getLabel(), randomConfig, pwmRequest.getPwmApplication() );
         final RestRandomPasswordServer.JsonOutput jsonOutput = new RestRandomPasswordServer.JsonOutput();
         jsonOutput.setPassword( randomPassword.getStringValue() );

server/src/main/java/password/pwm/http/servlet/newuser/NewUserUtils.java

@@ -208,9 +208,10 @@ static void createUser(
             NewUserUtils.LOGGER.trace( pwmRequest, () -> "will use temporary password process for new user entry: " + newUserDN );
             final PasswordData temporaryPassword;
             {
-                final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder()
-                        .passwordPolicy( newUserProfile.getNewUserPasswordPolicy( pwmApplication, pwmRequest.getLocale() ) )
-                        .build();
+                final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.fromPolicy(
+                        pwmApplication.getConfig(),
+                        newUserProfile.getNewUserPasswordPolicy( pwmApplication, pwmRequest.getLocale() ) );
+
                 temporaryPassword = RandomPasswordGenerator.createRandomPassword( pwmRequest.getLabel(), randomGeneratorConfig, pwmApplication );
             }
             final ChaiUser proxiedUser = chaiProvider.getEntryFactory().newChaiUser( newUserDN );

server/src/main/java/password/pwm/ldap/LdapDebugDataGenerator.java

@@ -120,6 +120,8 @@ private static LdapDebugDataGenerator.LdapDebugServerInfo makeLdapDebugServerInf
         final LdapDebugServerInfo.LdapDebugServerInfoBuilder builder = LdapDebugServerInfo.builder();
 
         builder.ldapServerlUrl( chaiConfiguration.getSetting( ChaiSetting.BIND_URLS ) );
+        builder.vendorName( chaiProvider.getDirectoryVendor().name() );
+
         final ChaiProvider loopProvider = chaiProvider.getProviderFactory().newProvider( chaiConfiguration );
 
         {
@@ -188,6 +190,7 @@ public static class LdapDebugInfo implements Serializable
     public static class LdapDebugServerInfo implements Serializable
     {
         private String ldapServerlUrl;
+        private String vendorName;
         private String testUserDN;
         private Map<String, List<String>> testUserAttributes;
         private String proxyDN;

server/src/main/java/password/pwm/ldap/auth/LDAPAuthenticationRequest.java

@@ -497,10 +497,9 @@ private PasswordData setTempUserPassword(
             );
 
             // create random password for user
-            final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder()
-                    .seedlistPhrases( RandomPasswordGenerator.DEFAULT_SEED_PHRASES )
-                    .passwordPolicy( passwordPolicy )
-                    .build();
+            final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.fromPolicy(
+                    pwmApplication.getConfig(),
+                    passwordPolicy );
 
             final PasswordData currentPass = RandomPasswordGenerator.createRandomPassword( sessionLabel, randomGeneratorConfig, pwmApplication );