Block simple numeric passwords in ChooseLockPassword

Fix the previously-missing case where the user elects to set a password (instead of PIN), but still sets a numeric password that contains repeated sequence which should be blocked by admin policy. Bug: 72039850 Test: Set NUMERIC_COMPLEX password quality, then attempt to enroll a repeating numeric PIN as lockscreen *password* Change-Id: I7c7525716b37a5330147b899b80026ca71c3ce0c
2018-01-25 21:12:57 +00:00
parent 396e91abf0
commit 35f3d2fbac
1 changed files with 10 additions and 4 deletions
--- a/src/com/android/settings/password/ChooseLockPassword.java
+++ b/src/com/android/settings/password/ChooseLockPassword.java
@@ -636,13 +636,15 @@ public class ChooseLockPassword extends SettingsActivity {
        }

        /**
-         * Validates PIN and returns the validation result.
+         * Validates PIN/Password and returns the validation result.
         *
         * @param password the raw password the user typed in
         * @return the validation result.
         */
        private int validatePassword(String password) {
            int errorCode = NO_ERROR;
+            final PasswordMetrics metrics = PasswordMetrics.computeForPassword(password);
+

            if (password.length() < mPasswordMinLength) {
                if (mPasswordMinLength > mPasswordMinLengthToFulfillAllPolicies) {
@@ -652,8 +654,14 @@ public class ChooseLockPassword extends SettingsActivity {
                errorCode |= TOO_LONG;
            } else {
                // The length requirements are fulfilled.
-                if (mRequestedQuality == PASSWORD_QUALITY_NUMERIC_COMPLEX) {
+                final int dpmQuality = mLockPatternUtils.getRequestedPasswordQuality(mUserId);
+                if (dpmQuality == PASSWORD_QUALITY_NUMERIC_COMPLEX &&
+                        metrics.numeric == password.length()) {
                    // Check for repeated characters or sequences (e.g. '1234', '0000', '2468')
+                    // if DevicePolicyManager requires a complex numeric password. There can be
+                    // two cases in the UI: 1. User chooses to enroll a PIN, 2. User chooses to
+                    // enroll a password but enters a numeric-only pin. We should carry out the
+                    // sequence check in both cases.
                    final int sequence = PasswordMetrics.maxLengthSequence(password);
                    if (sequence > PasswordMetrics.MAX_ALLOWED_SEQUENCE) {
                        errorCode |= CONTAIN_SEQUENTIAL_DIGITS;
@@ -674,8 +682,6 @@ public class ChooseLockPassword extends SettingsActivity {
                }
            }

-            final PasswordMetrics metrics = PasswordMetrics.computeForPassword(password);
-
            // Ensure no non-digits if we are requesting numbers. This shouldn't be possible unless
            // user finds some way to bring up soft keyboard.
            if (mRequestedQuality == PASSWORD_QUALITY_NUMERIC