path: root/mysql-test/suite/plugins/t/simple_password_check.test
blob: 4965ee492d24874b0f5173004c62beae2faa3b9a (plain)
# Test of the simple_password_check password-validation plugin: load it, check
# which passwords it accepts or rejects on each account-management path, then
# unload it again.
# NOTE(review): judging by its name, this include keeps the test off the
# embedded server -- confirm against include/not_embedded.inc.
--source include/not_embedded.inc

# Skip the whole test when $SIMPLE_PASSWORD_CHECK_SO is unset or empty, i.e. no
# plugin library is available to load.
if (!$SIMPLE_PASSWORD_CHECK_SO) {
  skip No SIMPLE_PASSWORD_CHECK plugin;
}

# Load the plugin library; everything up to UNINSTALL PLUGIN runs with it active.
install soname "simple_password_check";

# Record the plugin's metadata and its system variables in the result file.
# .dll is rewritten to .so in the output of the first query only, so the same
# recorded result can match on platforms with either library suffix.
--vertical_results
--replace_result .dll .so
select * from information_schema.plugins where plugin_name='simple_password_check';

select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1;
--horizontal_results

# Default policy, CREATE USER path: 'pwd' is expected to be rejected.
# NOTE(review): presumably too short and missing character classes; the
# thresholds actually in force are the ones printed by the system_variables
# query earlier in this file.
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by 'pwd';

# An account created with no password at all is expected to be rejected too,
# so omitting IDENTIFIED BY does not sidestep the policy.
--error ER_NOT_VALID_PASSWORD
create user foo1;

# Same weak password through GRANT ... IDENTIFIED BY: also expected to fail.
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo1 identified by 'pwd';

# Password identical to the account name: expected to be rejected.
--error ER_NOT_VALID_PASSWORD
grant select on *.* to `FooBar1!` identified by 'FooBar1!';

# Same password, different account name, no --error: the name match is the
# only difference from the rejected statement above.
grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
drop user `BarFoo1!`;

# Positive case: 'aA.12345' (lowercase, uppercase, punctuation and digits,
# 8 characters) is expected to pass the default policy.
create user foo1 identified by 'aA.12345';
grant select on *.* to foo1;
drop user foo1;

# Tighten the policy: raise three of the plugin's counters to 3 and print the
# resulting settings into the result file.
# NOTE(review): read here as minimum digits, minimum letters of each case and
# minimum non-alphanumeric characters -- inferred from the variable names and
# the cases below; confirm against the plugin documentation.
set global simple_password_check_digits=3;
set global simple_password_check_letters_same_case=3;
set global simple_password_check_other_characters=3;
show variables like 'simple_password_check_%';

# Baseline that satisfies every counter: three digits, three lowercase, three
# uppercase, three other characters (':' ':' '!').
create user foo1 identified by '123:qwe:ASD!';
drop user foo1;

# Each negative case below changes one character of the baseline so that
# exactly one class drops to two.
# Only two digits ('1' replaced by '-').
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '-23:qwe:ASD!';

# Only two lowercase letters ('q' replaced by '4').
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:4we:ASD!';

# Only two uppercase letters ('A' replaced by '4').
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:qwe:4SD!';

# Only two other characters ('!' replaced by '4').
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:qwe:ASD4';

# SET PASSWORD path: the cleartext handed to PASSWORD() / OLD_PASSWORD() is
# expected to be validated as well. The four rejected values repeat the
# one-class-short pattern above (digits, lowercase, uppercase, other), and the
# last statement, which has no --error, supplies a value that meets all counters.
create user foo1 identified by '123:qwe:ASD!';
--error ER_NOT_VALID_PASSWORD
set password for foo1 = password('qwe:-23:ASD!');
--error ER_NOT_VALID_PASSWORD
set password for foo1 = old_password('4we:123:ASD!');
--error ER_NOT_VALID_PASSWORD
set password for foo1 = password('qwe:123:4SD!');
--error ER_NOT_VALID_PASSWORD
set password for foo1 = old_password('qwe:123:ASD4');
set password for foo1 = password('qwe:123:ASD!');

# strict_password_validation: print the value in effect into the result file,
# then exercise statements that supply a stored hash value instead of a
# cleartext password.
select @@strict_password_validation;

# An empty password is expected to be rejected as invalid.
--error ER_NOT_VALID_PASSWORD
set password for foo1 = '';
# The next six statements give a literal where a hash is expected (SET PASSWORD
# without PASSWORD(), IDENTIFIED BY PASSWORD, IDENTIFIED WITH ... USING), so
# there is no cleartext to inspect. Each is expected to be refused with
# ER_OPTION_PREVENTS_STATEMENT.
# NOTE(review): presumably the effect of strict_password_validation being on --
# the same statements carry no --error further down, after it is set to 0.
--error ER_OPTION_PREVENTS_STATEMENT
set password for foo1 = '2222222222222222';
--error ER_OPTION_PREVENTS_STATEMENT
set password for foo1 = '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
create user foo2 identified by password '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
grant select on *.* to foo2 identified by password '2222222222222222';
--error ER_OPTION_PREVENTS_STATEMENT
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
# An empty USING value is expected to be reported as an invalid password, like
# the empty SET PASSWORD above.
--error ER_NOT_VALID_PASSWORD
create user foo2 identified with mysql_native_password using '';
# IDENTIFIED WITH and no USING clause at all: expected to fail with
# ER_PASSWORD_NO_MATCH, so no foo2 account results from it.
--error ER_PASSWORD_NO_MATCH
grant select on *.* to foo2 identified with mysql_old_password;

# Direct writes to mysql.user are not covered by the plugin: this UPDATE has no
# --error, so it is expected to succeed and store 'xxx' unvalidated.
# Deployment caveat: the password policy only holds if write access to the
# mysql schema is limited to trusted administrators.
update mysql.user set password='xxx' where user='foo1';

# Turn strict validation off and repeat the hash-supplying statements.
set global strict_password_validation=0;

# The empty password is still expected to be rejected ...
--error ER_NOT_VALID_PASSWORD
set password for foo1 = '';
# ... but every hash-supplying statement refused earlier now carries no
# --error, i.e. it is expected to succeed with no policy check on the value.
# Caveat: in this mode anyone allowed to set a password from a hash can install
# a credential that the validation plugin never saw.
set password for foo1 = '2222222222222222';
set password for foo1 = '11111111111111111111111111111111111111111';
create user foo2 identified by password '11111111111111111111111111111111111111111';
drop user foo2;
grant select on *.* to foo2 identified by password '2222222222222222';
drop user foo2;
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
drop user foo2;
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
drop user foo2;

# Switch strict validation back on and remove the test account.
set global strict_password_validation=1;
drop user foo1;

#
# MDEV-9940 CREATE ROLE blocked by password validation plugin
#
# Regression check: CREATE ROLE carries no password and is expected to succeed
# while the plugin is loaded (contrast with the password-less CREATE USER that
# is rejected earlier in this file).
create role r1;
drop role r1;

# Unload the plugin.
uninstall plugin simple_password_check;

# The statement that was rejected at the start of the test is now expected to
# succeed, which ties the earlier rejection to the plugin being loaded.
create user foo1 identified by 'pwd';
drop user foo1;