From 35f3d2fbac3ad1e66e5ef5e77ffd628eed3b1da9 Mon Sep 17 00:00:00 2001
From: Rubin Xu <rubinxu@google.com>
Date: Thu, 25 Jan 2018 21:12:57 +0000
Subject: [PATCH] Block simple numeric passwords in ChooseLockPassword

Fix the previously-missing case where the user elects to set
a password (instead of PIN), but still sets a numeric password
that contains repeated sequence which should be blocked by admin
policy.

Bug: 72039850
Test: Set NUMERIC_COMPLEX password quality, then attempt to
      enroll a repeating numeric PIN as lockscreen *password*
Change-Id: I7c7525716b37a5330147b899b80026ca71c3ce0c
---
 .../settings/password/ChooseLockPassword.java      | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/com/android/settings/password/ChooseLockPassword.java b/src/com/android/settings/password/ChooseLockPassword.java
index 38fdbcec003..50cb40ac27c 100644
--- a/src/com/android/settings/password/ChooseLockPassword.java
+++ b/src/com/android/settings/password/ChooseLockPassword.java
@@ -636,13 +636,15 @@ public class ChooseLockPassword extends SettingsActivity {
         }
 
         /**
-         * Validates PIN and returns the validation result.
+         * Validates PIN/Password and returns the validation result.
          *
          * @param password the raw password the user typed in
          * @return the validation result.
          */
         private int validatePassword(String password) {
             int errorCode = NO_ERROR;
+            final PasswordMetrics metrics = PasswordMetrics.computeForPassword(password);
+
 
             if (password.length() < mPasswordMinLength) {
                 if (mPasswordMinLength > mPasswordMinLengthToFulfillAllPolicies) {
@@ -652,8 +654,14 @@ public class ChooseLockPassword extends SettingsActivity {
                 errorCode |= TOO_LONG;
             } else {
                 // The length requirements are fulfilled.
-                if (mRequestedQuality == PASSWORD_QUALITY_NUMERIC_COMPLEX) {
+                final int dpmQuality = mLockPatternUtils.getRequestedPasswordQuality(mUserId);
+                if (dpmQuality == PASSWORD_QUALITY_NUMERIC_COMPLEX &&
+                        metrics.numeric == password.length()) {
                     // Check for repeated characters or sequences (e.g. '1234', '0000', '2468')
+                    // if DevicePolicyManager requires a complex numeric password. There can be
+                    // two cases in the UI: 1. User chooses to enroll a PIN, 2. User chooses to
+                    // enroll a password but enters a numeric-only pin. We should carry out the
+                    // sequence check in both cases.
                     final int sequence = PasswordMetrics.maxLengthSequence(password);
                     if (sequence > PasswordMetrics.MAX_ALLOWED_SEQUENCE) {
                         errorCode |= CONTAIN_SEQUENTIAL_DIGITS;
@@ -674,8 +682,6 @@ public class ChooseLockPassword extends SettingsActivity {
                 }
             }
 
-            final PasswordMetrics metrics = PasswordMetrics.computeForPassword(password);
-
             // Ensure no non-digits if we are requesting numbers. This shouldn't be possible unless
             // user finds some way to bring up soft keyboard.
             if (mRequestedQuality == PASSWORD_QUALITY_NUMERIC