mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-17 09:22:30 -05:00
[INVALID] 1 special still required with Password generator policy "Minimum special" 0 #5555
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @jeroenhabets on GitHub (May 12, 2024).
Invalid as per @stefan0xC 's helpful comment:
So it's not a Bug, but rather you need to uncheck the "!@#$%^&*" checkbox in the policy (setting "Minimum special" 0 won't cut it)
original report:
Subject of the issue
After needing a URL-safe secret, I've updated my organisation's "Password generator policy" by setting "Minimum Special" to 0 but it keeps on jumping back to 1 in the generator.
Both in the (synced) Firefox add-on and directly in the web vault under Tools, the generator does not allow unchecking the "!@#$%^&*" checkbox (as it's disabled), nor reducing setting "Minimum Special" from 1 to 0.
After reducing setting "Minimum Special" from 1 to 0, it immediately jumps back to 1.
Deployment environment
Your environment (Generated via diagnostics page)
(* Firefox add-on version: 2024.4.1)
Steps to reproduce
See "Subject of the issue" above.
P.S. Not sure if this is caused by vaultwarden or all the clients I've used.
@stefan0xC commented on GitHub (May 12, 2024):
But the disabled checkmark is shown as active, right? That means you enforce the password to include a special character via an organization policy. If you require a special character the minimum has to be 1 even if you don't specify a minimum explicitly. The logic of how the password generator policy works could probably be improved in the client (e.g. automatically enabling/disabling the enforcement of special characters depending on the minimum that is set, or setting the minimum to at least 1 if you enable it so there's no confusion) but that's outside of our control.
@jeroenhabets commented on GitHub (May 12, 2024):
Thanks @stefan0xC ! I've updated it, including the description in case someone else hits the same "issue" in the future.