diff --git a/server/src/main/java/com/cloud/user/PasswordPolicyImpl.java b/server/src/main/java/com/cloud/user/PasswordPolicyImpl.java index 40eec5674cd..1082f3cc0d5 100644 --- a/server/src/main/java/com/cloud/user/PasswordPolicyImpl.java +++ b/server/src/main/java/com/cloud/user/PasswordPolicyImpl.java @@ -27,6 +27,12 @@ public class PasswordPolicyImpl implements PasswordPolicy, Configurable { private Logger logger = Logger.getLogger(PasswordPolicyImpl.class); public void verifyIfPasswordCompliesWithPasswordPolicies(String password, String username, Long domainId) { + if (StringUtils.isEmpty(password)) { + logger.warn(String.format("User [%s] has an empty password, skipping password policy checks. " + + "If this is not a LDAP user, there is something wrong.", username)); + return; + } + int numberOfSpecialCharactersInPassword = 0; int numberOfUppercaseLettersInPassword = 0; int numberOfLowercaseLettersInPassword = 0; @@ -188,12 +194,12 @@ public class PasswordPolicyImpl implements PasswordPolicy, Configurable { logger.trace(String.format("Validating if the new password for user [%s] matches regex [%s] defined in the configuration [%s].", username, passwordPolicyRegex, PasswordPolicyRegex.key())); - if (passwordPolicyRegex == null){ - logger.trace(String.format("Regex is null; therefore, we will not validate if the new password matches with regex for user [%s].", username)); + if (StringUtils.isEmpty(passwordPolicyRegex)) { + logger.trace(String.format("Regex is empty; therefore, we will not validate if the new password matches with regex for user [%s].", username)); return; } - if (!password.matches(passwordPolicyRegex)){ + if (!password.matches(passwordPolicyRegex)) { logger.error(String.format("User [%s] informed a new password that does not match with regex [%s]. Refusing the user's new password.", username, passwordPolicyRegex)); throw new InvalidParameterValueException("User password does not match with password policy regex."); }