Merge remote-tracking branch 'apache/4.18'

server/src/main/java/com/cloud/user/PasswordPolicyImpl.java

@@ -27,6 +27,12 @@ public class PasswordPolicyImpl implements PasswordPolicy, Configurable {
     private Logger logger = Logger.getLogger(PasswordPolicyImpl.class);
 
     public void verifyIfPasswordCompliesWithPasswordPolicies(String password, String username, Long domainId) {
+        if (StringUtils.isEmpty(password)) {
+            logger.warn(String.format("User [%s] has an empty password, skipping password policy checks. " +
+                    "If this is not a LDAP user, there is something wrong.", username));
+            return;
+        }
+
         int numberOfSpecialCharactersInPassword = 0;
         int numberOfUppercaseLettersInPassword = 0;
         int numberOfLowercaseLettersInPassword = 0;
@@ -188,8 +194,8 @@ public class PasswordPolicyImpl implements PasswordPolicy, Configurable {
         logger.trace(String.format("Validating if the new password for user [%s] matches regex [%s] defined in the configuration [%s].",
                 username, passwordPolicyRegex, PasswordPolicyRegex.key()));
 
-        if (passwordPolicyRegex == null){
+        if (StringUtils.isEmpty(passwordPolicyRegex)) {
-            logger.trace(String.format("Regex is null; therefore, we will not validate if the new password matches with regex for user [%s].", username));
+            logger.trace(String.format("Regex is empty; therefore, we will not validate if the new password matches with regex for user [%s].", username));
             return;
         }