This patch enables you to govern password rules on the client-side. A big thanks to Matthew E. Porter for providing this.
This patch relates to JRA-2470 and is only meant as an interim solution.
Instructions
*Edit file:* <jira_install_dir>/atlassian-jira/secure/views/user/changepassword.jsp
Add the following code after the last '<%@ taglib ... %>':
changepassword.jsp
<script type="text/javascript"> function hasUpperCaseCharacter(password) { return password.match("\[A-Z\]") != null; } function hasLowerCaseCharacter(password) { return password.match("\[a-z\]") != null; } function hasNumericCharacter(password) { return password.match("\[0-9\]") != null; } function hasSpecialCharacter(password) { return password.match("\[!@#$%^&*()\]") != null; } function checkPassword(password) { var valid = password.length >= 8 && hasUpperCaseCharacter(password) && hasLowerCaseCharacter(password) && hasNumericCharacter(password) && hasSpecialCharacter(password); if (!valid) { alert("Password must be at least 8 characters and must contain an upper case character, a lower case character, a numeric character, and a special character (!@#$%^&*()."); } return valid; } </script>
Add the following line after the 'submitName' parameter is passed:
changepassword.jsp
<page:param name="onsubmit">return checkPassword(document.forms.jiraform.password.value)</page:param>
This should now display the alert message when a user does not enter a valid password.
It does not stop a person manually entering a password in the url though.
Labels
(None)