add password verify function

oehrlis · Dec 13, 2023 · c215cda · c215cda
1 parent 26e62e1
commit c215cda
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Removed
 
+## [1.5.0] - 2023-12-13
+
+### Added
+
+- add a generic password verify function [cssec_pwverify.sql](https://github.com/oehrlis/oradba/blob/master/sql/cssec_pwverify.sql) The password strength and complexity can be configured by the internal variables at create time
+- Script [sssec_pwverify_test.sql](https://github.com/oehrlis/oradba/blob/master/sql/sssec_pwverify_test.sql) to verify the custom password verify function. List of passwords to be tested have to added to the script / varchar2 array
+
 ## [1.4.0] - 2023-12-11
 
 ### Added

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-v1.4.0
+v1.5.0
diff --git a/sql/README.md b/sql/README.md
@@ -71,11 +71,12 @@ The following SQL scripts are available.
 
 The following SQL scripts are available.
 
-| Script                                   | Alias                      | Purpose                                                                                                                                   |
-|------------------------------------------|----------------------------|-------------------------------------------------------------------------------------------------------------------------------------------|
-| [sdsec_sysobj.sql](sdsec_sysobj.sql)     | [sysobj.sql](sysobj.sql)   | Show respectively create a list of granted SYS object privileges                                                                          |
-| [sdsec_syspriv.sql](sdsec_syspriv.sql)   | [syspriv.sql](syspriv.sql) | Show respectively create a list of granted system privileges                                                                              |
-| [cssec_pwverify.sql](cssec_pwverify.sql) |                            | Create a custom password verify function. The password strength and complexity can be configured by the internal variables at create time |
+| Script                                             | Alias                      | Purpose                                                                                                                                   |
+|----------------------------------------------------|----------------------------|-------------------------------------------------------------------------------------------------------------------------------------------|
+| [sdsec_sysobj.sql](sdsec_sysobj.sql)               | [sysobj.sql](sysobj.sql)   | Show respectively create a list of granted SYS object privileges                                                                          |
+| [sdsec_syspriv.sql](sdsec_syspriv.sql)             | [syspriv.sql](syspriv.sql) | Show respectively create a list of granted system privileges                                                                              |
+| [cssec_pwverify.sql](cssec_pwverify.sql)           |                            | Create a custom password verify function. The password strength and complexity can be configured by the internal variables at create time |
+| [sssec_pwverify_test.sql](sssec_pwverify_test.sql) |                            | Script to verify the custom password verify function. List of passwords to be tested have to added to the script / varchar2 array         |
 
 ### SQL Developer Reports
 

diff --git a/sql/sssec_pwverify_test.sql b/sql/sssec_pwverify_test.sql
@@ -0,0 +1,60 @@
+--------------------------------------------------------------------------------
+-- Accenture, Data Platforms
+-- Saegereistrasse 29, 8152 Glattbrugg, Switzerland
+--------------------------------------------------------------------------------
+-- Name......: sssec_pwverify_test.sql
+-- Author....: Stefan Oehrli (oes) [email protected]
+-- Editor....: Stefan Oehrli
+-- Date......: 2023.12.12
+-- Usage.....: 
+-- Purpose...: Test the password verify function
+-- Notes.....: 
+-- Reference.: 
+-- License...: Apache License Version 2.0, January 2004 as shown
+--             at http://www.apache.org/licenses/
+--------------------------------------------------------------------------------
+
+--------------------------------------------------------------------------------
+-- create a temporary type
+CREATE OR REPLACE TYPE table_varchar AS
+    TABLE OF VARCHAR2(128)
+/
+
+--------------------------------------------------------------------------------
+-- Anonymous PL/SQL Block to test the password function
+DECLARE
+    username VARCHAR2(100)          := 'john_doe';
+    old_password VARCHAR2(100)      := 'OldPass123';
+    test_passwords table_varchar    := table_varchar(
+        'NewPass123!', 
+        'short', 
+        'NewPassword12nnewpassword123',
+        'newpassword12nnewpassword123',
+        'NewPassword12n-dwpassword123',
+        'verylongpasswordthatexceedsthemaximumlength', 
+        'NoDigit123', 
+        'nodigitOrSpecialChar', 
+        'john_doePass');
+    result BOOLEAN;
+BEGIN
+    FOR i IN 1..test_passwords.COUNT LOOP
+        BEGIN
+            result := oradba_verify_function(username, test_passwords(i), old_password);
+            IF result THEN
+                DBMS_OUTPUT.PUT_LINE('Password "' || test_passwords(i) || '" is valid.');
+            ELSE
+                DBMS_OUTPUT.PUT_LINE('Password "' || test_passwords(i) || '" is invalid.');
+            END IF;
+        EXCEPTION
+            WHEN OTHERS THEN
+                DBMS_OUTPUT.PUT_LINE('Error with password "' || test_passwords(i) || '": ' || SQLERRM);
+        END;
+    END LOOP;
+END;
+/
+
+--------------------------------------------------------------------------------
+-- drop temporary created type
+DROP TYPE table_varchar
+/
+-- EOF -------------------------------------------------------------------------