In this article we will discuss how we can change password policy by using identity server specific configurations. Also we will discuss about updating API store sign-up page according to custom password policy. So when new users sign-up in API store it will be easy for them.
Please follow below instructions to change password policy by updating identity-mgt.properties file available in repository/conf/security directory.
You can find more information from this url - https://docs.wso2.com/display/IS450/Password+Policies
Do necessary changes in identity-mgt.properties file
# Identity listener is enable
Identity.Listener.Enable=true
# Define password policy enforce extensions
Password.policy.extensions.1=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordLengthPolicy
Password.policy.extensions.1.min.length=6
Password.policy.extensions.1.max.length=32
Password.policy.extensions.2=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordNamePolicy
Password.policy.extensions.3=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordPatternPolicy
Password.policy.extensions.3.pattern=^((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%&*])).{0,100}$
Password should contain a digit 0-9, a lower case letter a-z, an upper case letter A-Z, one of !@#$%&* characters as in Password.policy.extensions.3.pattern. But sign-up process has issue with this pattern.
Then we can customize sign-up process of store by adding sub theme.
1. create a folder call custom-signup in below path of store. You can give any preferable name.
wso2am-1.7.0/repository/deployment/server/jaggeryapps/store/site/themes/fancy/subthemes/custom-signup
2. copy following folders to above location.
wso2am-1.7.0/repository/deployment/server/jaggeryapps/store/site/themes/fancy/js folder to wso2am-1.7.0/repository/deployment/server/jaggeryapps/store/site/themes/fancy/subthemes/custom-signup
wso2am-1.7.0/repository/deployment/server/jaggeryapps/store/site/themes/fancy/templates folder to wso2am-1.7.0/repository/deployment/server/jaggeryapps/store/site/themes/fancy/subthemes/custom-signup
3. Open below file. This file contain password validation function of sign-up.
wso2am-1.7.0/repository/deployment/server/jaggeryapps/store/site/themes/fancy/subthemes/custom-signup/js/lib/jquery.validate.password.js
You can change validation logic written in $.validator.passwordRating = function(password, username) according to above pattern or whatever pattern you want.
Please find the attach jquery.validate.password.js modified according to above pattern.
(function($) {
function rating(rate, message) {
return {
rate: rate,
messageKey: message
};
}
function uncapitalize(str) {
return str.substring(0, 1).toLowerCase() + str.substring(1);
}
$.validator.passwordRating = function(password, username) {
var minLength = 6;
var passwordStrength = 0;
if ((password.length >0) && (password.length <=5)) passwordStrength=0;
if (password.length >= minLength) passwordStrength++;
if ((password.match(/[a-z]/)) && (password.match(/[A-Z]/))) passwordStrength++;
if (password.match(/\d+/)) passwordStrength++;
if (password.match(/.[!,@,#,$,%,^,&,*]/)) passwordStrength++;
if (password.length > 12) passwordStrength++;
if (username && password.toLowerCase()== username.toLowerCase()){
passwordStrength = 0;
}
$('#pwdMeter').removeClass();
$('#pwdMeter').addClass('neutral');
switch(passwordStrength){
case 1:
return rating(1, "very-weak");
break;
case 2:
return rating(2, "weak");
break;
case 3:
return rating(3, "weak");
break;
case 4:
return rating(4, "medium");
break;
case 5:
return rating(5, "strong");
break;
case 6:
return rating(5, "vstrong");
break;
default:
return rating(1, "very-weak");
}
}
$.validator.passwordRating.messages = {
"similar-to-username": "Too similar to username",
"very-weak": "Very weak",
"weak": "Weak",
"medium": "Medium",
"strong": "Strong",
"vstrong": "Very Strong"
}
$.validator.addMethod("password", function(value, element, usernameField) {
// use untrimmed value
var password = element.value,
// get username for comparison, if specified
username = $(typeof usernameField != "boolean" ? usernameField : []);
var rating = $.validator.passwordRating(password, username.val());
// update message for this field
var meter = $(".password-meter", element.form);
meter.find(".password-meter-bar").removeClass().addClass("password-meter-bar").addClass("password-meter-" + rating.messageKey);
meter.find(".password-meter-message")
.removeClass()
.addClass("password-meter-message")
.addClass("password-meter-message-" + rating.messageKey)
.text($.validator.passwordRating.messages[rating.messageKey]);
// display process bar instead of error message
return rating.rate > 3;
}, "Minimum system requirements not met");
// manually add class rule, to make username param optional
$.validator.classRuleSettings.password = { password: true };
})(jQuery);
Also make sure return rating.rate > 2; of $.validator.addMethod("password", function(value, element, usernameField) will give you the expected strength of password.
We can modify it as follows
return rating.rate > 3;
to make sure that entered password adhere above pattern.
4. If you want to change above Password.policy.extensions.3.pattern to different pattern and show password tips to user when entering password you need to edit following files.
wso2am-1.7.0/repository/deployment/server/jaggeryapps/store/site/themes/fancy/subthemes/custom-signup/templates/user/sign-up/template.jag
Below section correspond to display password tips
<div class="help-block" id="password-help" style="display:none">
<%=i18n.localize("pwHelpMsgLine1")%>
<ul>
<li>This is new changed TIP :-) </li>
<li><%=i18n.localize("pwHelpMsgLine3")%></li>
<li><%=i18n.localize("pwHelpMsgLine4")%></li>
<li><%=i18n.localize("pwHelpMsgLine5")%></li>
</ul>
</div>
Please change text as you want in below file accroding to above keys.
wso2am-1.7.0/repository/deployment/server/jaggeryapps/store/site/conf/locales/jaggery/locale_default.json
5. Finally, do below config to enable above changes in store.
Open wso2am-1.7.0/repository/deployment/server/jaggeryapps/store/site/conf/site.json
Add sub theme folder as below
"theme" : {
"base" : "fancy",
"subtheme" : "custom-signup"
},
This will override current user sign-up validation by above changes as well as if you did any changes to password tips text.