java-faker

Generated password does not meet the requirements

Open ewefie opened this issue 5 years ago • 5 comments

I've spotted an issue while generating passwords with the following code:

```java
var faker = new Faker();

// (minLength, maxLength, includeUppercase, includeSpecial, includeDigit)
var password = faker.internet().password(8, 100, true, true, true);
```

The generated password does not always include a digit (about 1-2% of results are incorrect).

Sample incorrect output:

  • ^Ez!Wdi@
  • *Wow$&pIkeK@*OF ("O" in this one is not a zero)

Faker Version: 1.0.2

ewefie avatar Mar 22 '20 18:03 ewefie

I have the same problem, we are trying to fix it.

irakatz avatar Mar 27 '20 09:03 irakatz

I have analyzed the source code, and in my opinion, the generated password is too random: there is a pretty big chance of overwriting generated digits with special characters. In my project, I managed it by checking if the generated password meets my expectations before I use it.

```java
import com.github.javafaker.Faker;

import static java.util.Objects.nonNull;

// Both methods belong inside the enclosing class.
// Regenerate until the password contains every required character class.
private static String generateStrongPassword() {
    var password = new Faker().internet().password(8, 16, true, false, true);
    if (isPasswordValid(password)) {
        return password;
    }
    return generateStrongPassword();
}

// At least 8 characters, with a digit, a lowercase and an uppercase letter.
private static boolean isPasswordValid(String password) {
    return nonNull(password)
            && password.length() >= 8
            && password.chars().anyMatch(Character::isDigit)
            && password.chars().anyMatch(Character::isLowerCase)
            && password.chars().anyMatch(Character::isUpperCase);
}
```

ewefie avatar Mar 27 '20 09:03 ewefie

This is a right solution. But in my opinion, I try to modify some source code to kill this problem.

irakatz avatar Mar 27 '20 10:03 irakatz

Also, when I read the source code, I found another bug, in src/test/java/com.github.javafaker/InternetTest. Its method "testPasswordMinLengthMaxLengthIncludeUpperCaseIncludeSpecialIncludeDigit()" tests the digit with

```java
assertThat(faker.internet().password(10, 25, true, true, true), matchesRegularExpression("[a-zA-Z\\d!@#$%^&*]{10,25}"));
```

But actually I find that the "\d" is useless, which means the digit test is useless, so "^*Wow$&pIkeK@*OF" is PASS, and "aaaaaaaaaaaA@" is also PASS. This is also a bug; if I have enough time, I will try this.

irakatz avatar Mar 27 '20 10:03 irakatz
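
An added example, not java-faker's code and not written by anyone in this thread: it runs the character-class pattern from the test and a lookahead-based pattern over the two digit-free strings quoted above, then generates passwords by placing one character of each required class before filling and shuffling. The class name, constants and `generate` method are hypothetical, and `SecureRandom` is the assumed randomness source.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;

// Added example; class, method and constant names are hypothetical, not java-faker's.
public class PasswordClassCheck {
    static final String LOWER = "abcdefghijklmnopqrstuvwxyz";
    static final String UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    static final String DIGIT = "0123456789";
    static final String SPECIAL = "!@#$%^&*";

    // Pattern quoted in the thread: limits alphabet and length, requires no class.
    static final Pattern WEAK = Pattern.compile("[a-zA-Z\\d!@#$%^&*]{10,25}");
    // Same alphabet and length, plus one lookahead per class that must be present.
    static final Pattern STRICT = Pattern.compile(
        "(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[!@#$%^&*])[a-zA-Z\\d!@#$%^&*]{10,25}");

    // Draw one character from every required class first, fill the rest from the
    // union, then shuffle: no later step can overwrite a required character.
    // Assumes min >= 4 (one slot per required class) and min <= max.
    static String generate(int min, int max, SecureRandom rnd) {
        String[] required = {LOWER, UPPER, DIGIT, SPECIAL};
        String all = LOWER + UPPER + DIGIT + SPECIAL;
        int length = min + rnd.nextInt(max - min + 1);
        List<Character> chars = new ArrayList<>();
        for (String cls : required) chars.add(cls.charAt(rnd.nextInt(cls.length())));
        while (chars.size() < length) chars.add(all.charAt(rnd.nextInt(all.length())));
        Collections.shuffle(chars, rnd);
        StringBuilder sb = new StringBuilder(length);
        for (char c : chars) sb.append(c);
        return sb.toString();
    }

    public static void main(String[] args) {
        // Digit-free strings taken from the thread.
        for (String s : new String[] {"*Wow$&pIkeK@*OF", "aaaaaaaaaaaA@"}) {
            System.out.printf("%-16s weak=%b strict=%b%n", s,
                WEAK.matcher(s).matches(), STRICT.matcher(s).matches());
        }
        SecureRandom rnd = new SecureRandom();
        int failures = 0;
        for (int i = 0; i < 100_000; i++) {
            if (!STRICT.matcher(generate(10, 25, rnd)).matches()) failures++;
        }
        System.out.println("strict failures in 100000 generated passwords: " + failures);
    }
}
```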

@ewefie @irakatz Hi, please check my fix: https://github.com/DiUS/java-faker/pull/607. Maybe it will resolve your issue.

YauheniPo avatar Mar 18 '21 15:03 YauheniPo