[Feature][Improvement] Introduce rule based password input validation.

[Thumimku]

Currently IS has password input validation with the following features.

• validating minimum characters
• validating maximum charectors
• validating against regex

Validating against regex is not user-friendly. Hence with this improvement, we plan to introduce the following validators.

• Min character
• Max character
• No. of Upper case
• No. of lower case
• No. of special characters

above configuration will provide fine-grained password validation configuration.

[Thumimku]

After the initial test found the updates:

• Proposed password validation feature is already added to the product but has not been tested or enabled.
• Rule-based password validation is skipped by checking Java regex by default
• InputValidation Handelr is disabled by default.
• I enabled and bypass the skipping point by manually changing the regex at the server startup.
• Early smoke tests are working as expected.

TODO

• Add configuration for the regex skip point to enable the feature by default, but we need to consider backward compatibility.
• Enable InputValidationHandler.
• Add UI improvements for the password validation section to support the new handler.
• Add UI improvement when creating a user, and updating user credentials.

[Thumimku]

Daily Update:
26/07:

• Started working on the feature.
• Checked the code for enabling the feature and do a couple of tests to check the feature stability.

28/07:

• Raised mail for expected delivery with current behavior.
• Started working on UIs

31/07(Updated):

• Worked on React UIs and find the gaps to fill the Console UIs PR: [POC] UI change for password validation identity-apps#3975

02/08:

• Tested the feasibility and backend effort estimation for the $ please refer the section Password Input Validation effort analysis in EPIC

04/08:

• I performed backend tasks analysed in the effort analysis.
• PR: Disable password policy validation handler by default
• PR: Add config for disabling password policy validation
• PR: Remove regex based password validation

[Thumimku]

Hi ,
POC: wso2/identity-apps#3975
At the moment we don't support Password expiry Rest API in the product, so we have to exclude the call from the console. By adding above mentioned tentative changes we can view the rule based password validation configuration UI with password history component.

[Thumimku]

This feature depend on the username input validation feature, hence we can move both in one go. Hence modifying the milestone.

[Thumimku]

Postponing to alpha cause we need tenant qualified URL feature to be enabled

[asekawa]

This feature fix will be QA rejected due to these L1 issues

1.#16929
2.#16930

[Thumimku]

Input validation for REST API: #16983

[Thumimku]

@bhagyasakalanka is working on integration test updates, can you please update the status.

[bhagyasakalanka]

Integration tests are fixed with: #17508
Default configuration is enabled with: wso2/carbon-identity-framework#5133