DPMS: Fix password complexity comparison
The method for validating whether a given password is sufficient for a
given complexity was returning the wrong value in the general case.
validatePasswordMetrics should return true when the actualMetrics of
a password satisfy the minComplexity passed in.
However, the isPin argument, skews the result such that an all-digit
PIN is considered not sufficient, because the only credential type
recognized in that method is the "password" type, and for that
credential type a non-digit character is required.
This worked for checking whether the password is sufficient in the
UI code, where isPin indicated whether the user chose a PIN or password.
However it does not work for the general case, for example for enforcing
complexity.
This change gets rid of the 'allowsNumericPassword()' criteria for
complexity buckets. Instead, the minimal length is calculated based on
whether the actualMetrics already have a non-numeric character, OR
a non-numeric character is required by the admin-set password quality
requirements (in the case when merging complexity and quality).
Bug: 172312413
Bug: 165573442
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: atest MixedDeviceOwnerTest MixedProfileOwnerTest OrgOwnedProfileOwnerTest MixedDeviceOwnerTestApi25 MixedManagedProfileOwnerTest
Change-Id: I3227d4d8e6825b5c4ea525828d7e09f52702065b
1 file changed