[OT] Password regex change on mybills.co.il
Steve Litt
slitt at troubleshooters.com
Sat Feb 27 23:08:44 IST 2016
On Sat, 27 Feb 2016 19:46:33 +0000 (UTC)
Valery Reznic <valery_reznic at yahoo.com> wrote:
> Hi, All.
> It's not actually Linux-related, but more regular-expression
> question.Nevertheless ... Recently I was unable to login into site
> mybills.co.il Attempt to reset password also failed due to regular
> expression test failed. Mybills claims that password should be 8-10
> characters long and should include at least two digits and Latin
> letters. Whatever I tried as password - I was not able to pass their
> regex test. After a bit of diggingI found following in the
> https://www.mybills.co.il/js/Validations.js
>
> //var passREGEX
> = /^(?=.{8,10}$)(?=(.*[0-9]){2,})(?=(.*[a-zA-Z]){2,})(?=(.*[~!@#$%^&*()+-_=])).*/;
> var passREGEX
> = /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[~#%&=\$\-\!\?\^@])(?=.{8,})/;
> I tried first (commented out) regex in the regex101.com and indeed
> password with 2 digits and 2 Latin letters matches I tried the second
> (active) one- no matches. Any idea what password should looks like to
> match this regex? I tried to contact mybills's support - no luck
> here :( Valery
Hi Valery,
I'm not sure what you're trying to do here. Are you trying to debug
their regex so they can fix it? Are you trying to make your own regex
to produce valid passwords you can submit to them? You said:
================================================
Mybills claims that password should be 8-10 characters long and
should include at least two digits and Latin letters.
================================================
Are you saying that all characters should be Latin, or only some of
them? Should everything that's not be a digit be [A-Z,a-z]?
Anyway, in my opinion regex is an abysmal way to solve this. Like bash
one-liners and SQL, regex is great for writing a very short solution.
Like bash one-liners and SQL, using it for stuff it wasn't intended to
be used for takes more time than just writing out the code.
So I'd do it more like this:
=======================================================
#!/usr/bin/python3
MAXLEN=10
MINLEN=8
MINDIGITS=2
import sys
import string
def isascii(ltr):
asc='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
return(len(asc.split(ltr, 2)) == 2)
def main():
groups={'digits': 0, 'letters': 0}
candidate = sys.argv[1]
if len(candidate) > MAXLEN or len(candidate) < MINLEN:
msg='BADPASS, password length must be {} to {}.'
msg=msg.format(MINLEN, MAXLEN)
print(msg)
sys.exit(1)
max = len(candidate)
for ss in range(0, len(candidate)):
ltr = candidate[ss]
if ltr.isdigit():
groups['digits'] += 1
elif isascii(ltr):
groups['letters'] += 1
else:
msg='BADPASS: Bad password character "{}", '
msg+='only 0-9, A-Z, a-z allowed.'
msg = msg.format(ltr)
print(msg)
sys.exit(1)
if groups['digits'] < MINDIGITS:
msg='BADPASS, password must contain at least '
msg+='{} digits.'
msg=msg.format(MINDIGITS)
print(msg)
sys.exit(1)
if groups['digits'] + groups['letters'] != len(candidate):
msg='INTERNAL ERROR, letters and digits don\'t add '
msg+='up to password length: Contact developer!'
print(msg)
sys.exit(1)
print('Password passes with flying colors.')
sys.exit(0)
if __name__ == "__main__":
main()
=======================================================
================================================
--
SteveT
Steve Litt
February 2016 featured book: The Key to Everyday Excellence
http://www.troubleshooters.com/key
More information about the Linux-il
mailing list