Fix expected password length to 8 chars at least (#849)

It was wrongly set to 9 while users were prompted to insert at least 8 chars

iam-login-service/src/main/java/it/infn/mw/iam/util/RegexUtil.java

@@ -22,7 +22,7 @@ private RegexUtil() {}
   // Regex matches password with at least one lowercase letter, one uppercase
   // letter, one number, one symbol and minimum length of 8 characters
   public static final String PASSWORD_REGEX =
-      "^(?=.*[\\p{Lower}])(?=.*[\\p{Upper}])(?=.*[\\p{Digit}])(?=.*[\\p{Punct}]).{8,}([^\\r\\t\\v\\f\\n]+)$";
+      "^(?=.*[\\p{Lower}])(?=.*[\\p{Upper}])(?=.*[\\p{Digit}])(?=.*[\\p{Punct}]).{7,}([^\\r\\t\\v\\f\\n]+)$";
   public static final String PASSWORD_REGEX_MESSAGE_ERROR =
       "The password must include at least one uppercase letter, one lowercase letter, one number, one symbol (e.g., @$!%*?&) and must contain at least 8 characters for greater security.";
 }

iam-login-service/src/main/webapp/resources/iam/apps/dashboard-app/directives/password.directive.js

@@ -18,7 +18,7 @@ angular.module('dashboardApp').directive('strongPassword', function () {
         require: 'ngModel',
         link: function (scope, element, attrs, ngModel) {
             ngModel.$parsers.unshift(function (viewValue) {
-                var passwordStrengthRegex = /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[(!"#$%&'()*+,-./:;<=>?@[\]\^ `{|}~)])([^\r\t\v\f\n]+).{8,}$/;
+                var passwordStrengthRegex = /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[(!"#$%&'()*+,-./:;<=>?@[\]\^ `{|}~)])([^\r\t\v\f\n]+).{7,}$/;
                 var isStrong = passwordStrengthRegex.test(viewValue);
 
                 ngModel.$setValidity('strongPassword', isStrong);

iam-login-service/src/main/webapp/resources/iam/js/directive/password.directive.js

@@ -18,7 +18,7 @@ angular.module('passwordResetApp').directive('strongPassword', function () {
         require: 'ngModel',
         link: function (scope, element, attrs, ngModel) {
             ngModel.$parsers.unshift(function (viewValue) {
-                var passwordStrengthRegex = /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!"#$%&'()*+,-./:;<=>?@[\]\^ `{|}~]).{8,}([^\r\t\v\f\n]+)$/;
+                var passwordStrengthRegex = /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!"#$%&'()*+,-./:;<=>?@[\]\^ `{|}~]).{7,}([^\r\t\v\f\n]+)$/;
                 var isStrong = passwordStrengthRegex.test(viewValue);
                 ngModel.$setValidity('strongPassword', isStrong);
                 return viewValue;

iam-login-service/src/test/java/it/infn/mw/iam/test/api/account/password/PasswordUpdateTests.java

@@ -137,6 +137,29 @@ public void testUpdatePassword() {
         .getAccessToken();
   }
 
+  @Test
+  public void testUpdatePasswordWithMinLength() {
+
+    String currentPassword = "password";
+    String newPassword = "S3crP@ss";
+
+    String accessToken = passwordTokenGetter().port(iamPort)
+        .username(testUser.getUserName())
+        .password(currentPassword)
+        .getAccessToken();
+
+    doPost(accessToken, currentPassword, newPassword).statusCode(HttpStatus.OK.value());
+
+    passwordTokenGetter().port(iamPort)
+        .username(testUser.getUserName())
+        .password(newPassword)
+        .getAccessToken();
+
+    currentPassword = newPassword;
+    newPassword = "T0S#ort";
+    doPost(accessToken, currentPassword, newPassword).statusCode(HttpStatus.BAD_REQUEST.value());
+  }
+
   @Test
   public void testUpdatePasswordFullAuthenticationRequired() {