[OT] Password regex change on mybills.co.il
Omer Zak
w1 at zak.co.il
Sat Feb 27 23:28:58 IST 2016
DISCLAIMER: I tested on Python's re.
Each of the sub-patterns enclosed in (?=...) is a lookahead pattern.
As such, they do not consume the string, just check if it matches them.
The whole pattern is effectively an AND of the subpatterns.
The last pattern matches 8 or more characters (any character).
Therefore, the string to be matched needs to be at least 8 characters
long (no upper bound) and have at least one character from each of the
following groups:
a-z
A-Z
0-9
~#%&=$-!?^@ (one of 11 specific special characters)
The other characters may be just any character you want (including
spaces).
I confirmed that the following strings match the pattern (without the
doublequotes):
"aA0~...." (8 characters long)
"aA0~....." (9 characters long)
"bzCY19#@---" (11 characters long)
"bzCY19^9 99" (11 characters long, with space)
--- Omer
On Sat, 2016-02-27 at 19:46 +0000, Valery Reznic wrote:
> Hi, All.
>
>
> It's not actually Linux-related, but more regular-expression question.
> Nevertheless ...
>
>
> Recently I was unable to login into site mybills.co.il
>
>
> Attempt to reset password also failed due to regular expression test
> failed.
>
>
> Mybills claims that password should be 8-10 characters long and
> should
> include at least two digits and Latin letters.
>
>
> Whatever I tried as password - I was not able to pass their regex
> test.
>
>
> After a bit of digging
> I found following in the https://www.mybills.co.il/js/Validations.js
>
>
>
>
> //var passREGEX
> = /^(?=.{8,10}$)(?=(.*[0-9]){2,})(?=(.*[a-zA-Z]){2,})(?=(.*[~!@#$%
> ^&*()+-_=])).*/;
> var passREGEX = /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[~#%&=\$\-\!
> \?\^@])(?=.{8,})/;
>
>
> I tried first (commented out) regex in
> the regex101.com and indeed password with 2 digits and 2 Latin
> letters matches
>
>
> I tried the second (active) one- no matches.
>
>
> Any idea what password should looks like to match this regex?
>
>
> I tried to contact mybills's support - no luck here :(
--
$ python
>>> type(type(type))
<type 'type'> My own blog is at http://www.zak.co.il/tddpirate/
My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html
More information about the Linux-il
mailing list