[OT] Password regex change on mybills.co.il

E.S. Rosenberg esr+linux-il at g.jct.ac.il
Sun Feb 28 00:02:55 IST 2016


The active regex (in the file you sent) is:

var passREGEX = /^(?=.{8,10}$)(?=(.*[0-9]){1,})(?=(.*[a-zA-Z]){2,})(?=(.*[~!@#$%^&*()+-_=])).*/i;

Which says:
8-10 chars
at least 1 number
at least 2 latin chars
any number of special chars.

Note that there is no demand for capitals and no demand for at least
one special char.

I used this cute site to verify my claims:
https://regex101.com/

HTH, have a good week,
Eliyahu - אליהו

2016-02-27 23:28 GMT+02:00 Omer Zak <w1 at zak.co.il>:
> DISCLAIMER: I tested on Python's re.
>
> Each of the sub-patterns enclosed in (?=...) is a lookahead pattern.
> As such, they do not consume the string, just check if it matches them.
> The whole pattern is effectively an AND of the subpatterns.
> The last pattern matches 8 or more characters (any character).
>
> Therefore, the string to be matched needs to be at least 8 characters
> long (no upper bound) and have at least one character from each of the
> following groups:
> a-z
> A-Z
> 0-9
> ~#%&=$-!?^@ (one of 11 specific special characters)
>
> The other characters may be just any character you want (including
> spaces).
>
> I confirmed that the following strings match the pattern (without the
> doublequotes):
> "aA0~...." (8 characters long)
> "aA0~....." (9 characters long)
> "bzCY19#@---" (11 characters long)
> "bzCY19^9 99" (11 characters long, with space)
>
> --- Omer
>
>
>
> On Sat, 2016-02-27 at 19:46 +0000, Valery Reznic wrote:
>> Hi, All.
>>
>>
>> It's not actually Linux-related, but more regular-expression question.
>> Nevertheless ...
>>
>>
>> Recently I was unable to login into site mybills.co.il
>>
>>
>> Attempt to reset password also failed due to regular expression test
>> failed.
>>
>>
>> Mybills claims that password should be 8-10 characters long and should
>> include at least two digits and Latin letters.
>>
>>
>> Whatever I tried as password - I was not able to pass their regex
>> test.
>>
>>
>> After a bit of digging
>> I found following in the https://www.mybills.co.il/js/Validations.js
>>
>>
>>
>>
>> //var passREGEX = /^(?=.{8,10}$)(?=(.*[0-9]){2,})(?=(.*[a-zA-Z]){2,})(?=(.*[~!@#$%^&*()+-_=])).*/;
>> var passREGEX = /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[~#%&=\$\-\!\?\^@])(?=.{8,})/;
>>
>>
>> I tried the first (commented out) regex in regex101.com and indeed a
>> password with 2 digits and 2 Latin letters matches.
>>
>>
>> I tried the second (active) one - no matches.
>>
>>
>> Any idea what a password should look like to match this regex?
>>
>>
>> I tried to contact mybills's support - no luck here :(
>
>
> --
> $ python
>>>> type(type(type))
> <type 'type'>          My own blog is at http://www.zak.co.il/tddpirate/
> My opinions, as expressed in this E-mail message, are mine alone.
> They do not represent the official policy of any organization with which
> I may be affiliated in any way.
> WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html
>
>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
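
The two patterns quoted in this thread, split into their individual lookaheads so a candidate password can be checked rule by rule. This is an added example, not code from mybills.co.il or from any poster; `OLD`, `ACTIVE`, `failedRules` and `asciiMembers` are hypothetical names. It also enumerates the old special-character class, where `+-_` is a range from `+` to `_` that takes in digits and uppercase letters.

```javascript
// Added example: the lookaheads of both patterns quoted in the thread, tested one at a time.
// OLD, ACTIVE, failedRules and asciiMembers are hypothetical names, not from Validations.js.
const OLD = [ // the commented-out pattern in Valery's quote
  ["8-10 characters", /^(?=.{8,10}$)/],
  ["2+ digits", /^(?=(.*[0-9]){2,})/],
  ["2+ Latin letters", /^(?=(.*[a-zA-Z]){2,})/],
  ["1+ of [~!@#$%^&*()+-_=]", /^(?=(.*[~!@#$%^&*()+-_=]))/],
];
const ACTIVE = [ // the uncommented pattern in Valery's quote
  ["lowercase letter", /^(?=.*[a-z])/],
  ["uppercase letter", /^(?=.*[A-Z])/],
  ["digit", /^(?=.*[0-9])/],
  ["1+ of ~#%&=$-!?^@", /^(?=.*[~#%&=\$\-\!\?\^@])/],
  ["8+ characters", /^(?=.{8,})/],
];

// Labels of the lookaheads that reject the password (empty array = accepted).
function failedRules(rules, password) {
  return rules.filter(([, re]) => !re.test(password)).map(([label]) => label);
}

// Printable ASCII characters accepted by a one-character class.
function asciiMembers(charClass) {
  let members = "";
  for (let code = 0x20; code < 0x7f; code++) {
    const ch = String.fromCharCode(code);
    if (charClass.test(ch)) members += ch;
  }
  return members;
}

// In the old class, "+-_" is a range from "+" (0x2B) to "_" (0x5F).
const OLD_SPECIALS = /[~!@#$%^&*()+-_=]/;

// Constructed sample passwords; the last three are strings Omer reported as matching.
const SAMPLES = ["abcdef12", "aA0~....", "bzCY19#@---", "bzCY19^9 99"];
for (const pw of SAMPLES) {
  console.log(JSON.stringify(pw),
    "| old fails:", failedRules(OLD, pw).join(", ") || "none",
    "| active fails:", failedRules(ACTIVE, pw).join(", ") || "none");
}
console.log("old special class accepts:", asciiMembers(OLD_SPECIALS));
```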
