Fixes client side password checks.

If the settings require letters AND digits, false must be returned if either of the conditions are not fulfilled. Same goes of upper and lower case requirements. Fixes: SE-14149
scireum · Nov 25, 2024 · bec35fa · bec35fa
1 parent c6dab63
commit bec35fa
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/main/resources/default/templates/biz/password/change-password-script.html.pasta b/src/main/resources/default/templates/biz/password/change-password-script.html.pasta
@@ -84,11 +84,11 @@
                 return false;
             }
 
-            if (settings.requireLettersAndDigits && !/\d/.test(password) && !/[a-zA-Z]/.test(password)) {
+            if (settings.requireLettersAndDigits && (!/\d/.test(password) || !/[a-zA-Z]/.test(password))) {
                 return false;
             }
 
-            if (settings.requireUpperAndLowerCase && !/[a-z]/.test(password) && !/[A-Z]/.test(password)) {
+            if (settings.requireUpperAndLowerCase && (!/[a-z]/.test(password) || !/[A-Z]/.test(password))) {
                 return false;
             }