[INVALID] 1 special still required with Password generator policy "Minimum special" 0 #5555

Closed
opened 2026-03-07 20:29:33 -06:00 by GiteaMirror · 2 comments
Owner

Originally created by @jeroenhabets on GitHub (May 12, 2024).

Invalid as per @stefan0xC 's helpful comment:

But the disabled checkmark is shown as active, right? That means you enforce the password to include a special character via an organization policy.

So it's not a Bug, but rather you need to uncheck the "!@#$%^&*" checkbox in the policy (setting "Minimum special" 0 won't cut it)


original report:

Subject of the issue

After needing a URL-safe secret, I've updated my organisation's "Password generator policy" by setting "Minimum Special" to 0 but it keeps on jumping back to 1 in the generator.

Both in the (synced) Firefox add-on and directly in the web vault under Tools, the generator does not allow unchecking the "!@#$%^&*" checkbox (as it's disabled), nor reducing setting "Minimum Special" from 1 to 0.

After reducing setting "Minimum Special" from 1 to 0, it immediately jumps back to 1.

Deployment environment

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.30.5
  • Web-vault version: v2024.1.2b
    (* Firefox add-on version: 2024.4.1)
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Debian)
  • Environment settings overridden: false
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Clients used: web vault, Firefox add-on version: 2024.4.1

Steps to reproduce

See "Subject of the issue" above.

P.S. Not sure if this is caused by vaultwarden or all the clients I've used.

Originally created by @jeroenhabets on GitHub (May 12, 2024). Invalid as per @stefan0xC 's [helpful comment](https://github.com/dani-garcia/vaultwarden/issues/4551#issuecomment-2106338686): > But the disabled checkmark is shown as active, right? That means you enforce the password to include a special character via an organization policy. So it's not a Bug, but rather you need to uncheck the "!@#$%^&*" checkbox in the policy (setting "Minimum special" 0 won't cut it) --- original report: ### Subject of the issue After needing a URL-safe secret, I've updated my organisation's "Password generator policy" by setting "Minimum Special" to 0 but it keeps on jumping back to 1 in the generator. Both in the (synced) Firefox add-on and directly in the web vault under Tools, the generator does not allow unchecking the "!@#$%^&*" checkbox (as it's disabled), nor reducing setting "Minimum Special" from 1 to 0. After reducing setting "Minimum Special" from 1 to 0, it immediately jumps back to 1. ### Deployment environment ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.30.5 * Web-vault version: v2024.1.2b (* Firefox add-on version: 2024.4.1) * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Environment settings overridden: false * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Clients used: web vault, Firefox add-on version: 2024.4.1 ### Steps to reproduce See "Subject of the issue" above. P.S. Not sure if this is caused by vaultwarden or all the clients I've used.
Author
Owner

@stefan0xC commented on GitHub (May 12, 2024):

the generator does not allow unchecking the "!@#$%^&*" checkbox (as it's disabled)

But the disabled checkmark is shown as active, right? That means you enforce the password to include a special character via an organization policy. If you require a special character the minimum has to be 1 even if you don't specify a minimum explicitly. The logic of how the password generator policy works could probably be improved in the client (e.g. automatically enabling/disabling the enforcement of special characters depending on the minimum that is set, or setting the minimum to at least 1 if you enable it so there's no confusion) but that's outside of our control.

@stefan0xC commented on GitHub (May 12, 2024): > the generator does not allow unchecking the "!@#$%^&*" checkbox (as it's disabled) But the disabled checkmark is shown as active, right? That means you enforce the password to include a special character via an organization policy. If you require a special character the minimum has to be 1 even if you don't specify a minimum explicitly. The logic of how the password generator policy works could probably be improved in the client (e.g. automatically enabling/disabling the enforcement of special characters depending on the minimum that is set, or setting the minimum to at least 1 if you enable it so there's no confusion) but that's outside of our control.
Author
Owner

@jeroenhabets commented on GitHub (May 12, 2024):

Thanks @stefan0xC ! I've updated it, including the description in case someone else hits the same "issue" in the future.

@jeroenhabets commented on GitHub (May 12, 2024): Thanks @stefan0xC ! I've updated it, including the description in case someone else hits the same "issue" in the future.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#5555