Description of problem:
In my test, I just create one user virtwho and defined the password as virtwho00, in the Password row we can see the message below
**Password - Your password cannot contain your username**
and in the Verify row
**Verify - password match**
But after submit, we can see the password was accepted.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create new user
2. Define the password with the username as part of password
3. Click on Submit
Should not accept, once we can see the message **Your password cannot contain your username**
Created attachment 1220402 [details]
Created attachment 1220403 [details]
Created attachment 1220404 [details]
virtwho user logged
I don't think we should display such validation message. I don't think admin_kdjgdlkjgsdlkfgjdklgdslkfgjdlfkgj password would be less secure. So as a fix I'll remove the JS validation message.
Created redmine issue http://projects.theforeman.org/issues/17334 from this bug
Waldirio M Pinheiro | Senior Software Maintenance Engineer
Upstream bug assigned to email@example.com
After more upstream discussion it turns out that the JS validation still has some value so we'll keep it but change the wording so it does not indicate it's forbidden to include username in password. The result should be in recommendation tone, e.g. "Your password should not contain your username"
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/17334 has been resolved.
Satellite-6.3 Snap 10
Trying to set the password of the user "foo" to "foo123" yields "Your password should not contain your username"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory, and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.