faker icon indicating copy to clipboard operation
faker copied to clipboard

Published 20 hours ago verified publisher icon faker-ruby

Short Faker::Internet.password are not including mix case chars.

Open raivil opened this issue 2 years ago • 7 comments

Describe the bug

Short passwords generated with Faker::Internet.password does not respect the configs related to "mix_case".

To Reproduce

Generate several short passwords with mixed case and special characters. Eventually, a invalid password without mixed cased chars will be generated. Example:

Faker::Internet.password(min_length: 7, max_length: 7, mix_case: true, special_characters: true)
=> "@!#!$!D"

Expected behavior

Passwords to have mixed case characters.

Additional context

Version:

faker (2.21.0)

raivil avatar Jul 15 '22 14:07 raivil

adding a bit more context:

  • related issue https://github.com/faker-ruby/faker/issues/1673
  • there was an attempt to fix this on https://github.com/faker-ruby/faker/pull/1694

so maybe a regression?

adding a test/reproduction scripts that can reproduce this issue would be a nice addition.

thdaraujo avatar Jul 25 '22 17:07 thdaraujo

it looks like this occurs when both mix_case & special_case is true as special_case can currently override the characters that were changed by mix_case. have a rough solution that seems to work so would be keen to contribute (once i've done more testing & refactored) with a possible fix soon if timing isn't a major issue :)

tiff-o avatar Jul 31 '22 09:07 tiff-o

Hi @tiff-o Could you double check #2308 already solves this issue? Thanks!

stefannibrasil avatar Aug 05 '22 19:08 stefannibrasil

@thdaraujo and I were able to reproduce the error with the following script:

# frozen_string_literal: true

require "bundler/inline"

gemfile(true) do
  source "https://rubygems.org"

  git_source(:github) { |repo| "https://github.com/#{repo}.git" }

  gem 'faker', :git => 'https://github.com/faker-ruby/faker.git', :branch => 'master'
  gem 'minitest'
end

require "minitest/autorun"

class BugTest < Minitest::Test
  def test_password_with_special_chars_and_mixed_case
    @tester = Faker::Internet

    32.times do
      password = @tester.password(
        min_length: 7, max_length: 7, mix_case: true, special_characters: true
      )

      puts "does not have an uppercase letter: #{password}" unless /[A-Z]+/.match(password)
      puts "does not have a lowercase letter: #{password}" unless /[a-z]+/.match(password)

      assert /[A-Z]+/.match(password), "must have an uppercase letter"
      assert /[a-z]+/.match(password), "must have a lowercase letter"
      assert /[A-Z]/.match(password).size >= 1, "must have at least one uppercase letter"
      assert /[a-z]/.match(password).size >= 1, "must have at least one lowercase letter"
    end
  end
end

#2308 did not solve this issue. At the moment, the following scenarios are possible:

  • only special characters, i.e. %*@!!^$
  • only one uppercase OR one lowercase letter but not both.

What we want is make sure that we have at least one upper case AND one lower case, and the special characters. Examples:

  • !gX9yE3
  • ^*2DrTe
  • &@@hRtM

stefannibrasil avatar Aug 10 '22 20:08 stefannibrasil

Hi @stefannibrasil - so sorry for the delay. Yes, I was able to reproduce the issue and found #2308 did not resolve. I haven't the chance to revisit this just yet but can get my PR up in the next 24 hours.

tiff-o avatar Aug 10 '22 21:08 tiff-o

hi @tiff-o no worries! Take your time. I was just trying to reproduce the issue and share what we found. Thanks for working on this 👍

stefannibrasil avatar Aug 11 '22 18:08 stefannibrasil

thanks @stefannibrasil! no problem - am currently working on trying to simplify def password overall following feedback from the PR :)

tiff-o avatar Aug 14 '22 08:08 tiff-o