Friendlier error message when the password is too long (#10626)

* Friendlier error message when the password is too long

* Remove CTA

Co-authored-by: Tim Jacomb <21194782+timja@users.noreply.github.com>

* Remove "yours"

---------

Co-authored-by: Daniel Beck <daniel-beck@users.noreply.github.com>
Co-authored-by: Tim Jacomb <21194782+timja@users.noreply.github.com>

Author: daniel-beck

core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java

@@ -939,6 +939,9 @@ public String encode(CharSequence rawPassword) {
                 return super.encode(rawPassword);
             } catch (IllegalArgumentException ex) {
                 if (ex.getMessage().equals("password cannot be more than 72 bytes")) {
+                    if (rawPassword.toString().matches("\\A\\p{ASCII}+\\z")) {
+                        throw new IllegalArgumentException(Messages.HudsonPrivateSecurityRealm_CreateAccount_BCrypt_PasswordTooLong_ASCII());
+                    }
                     throw new IllegalArgumentException(Messages.HudsonPrivateSecurityRealm_CreateAccount_BCrypt_PasswordTooLong());
                 }
                 throw ex;

core/src/main/resources/hudson/security/Messages.properties

@@ -37,7 +37,8 @@ HudsonPrivateSecurityRealm.ManageUserLinks.Description=Create/delete/modify user
 HudsonPrivateSecurityRealm.CreateAccount.TextNotMatchWordInImage=Text didn''t match the word shown in the image
 HudsonPrivateSecurityRealm.CreateAccount.PasswordNotMatch=Password didn''t match
 HudsonPrivateSecurityRealm.CreateAccount.FIPS.PasswordLengthInvalid=Password must be at least 14 characters long
-HudsonPrivateSecurityRealm.CreateAccount.BCrypt.PasswordTooLong=Jenkins’ own user database currently only supports passwords of up to 72 bytes UTF-8 (72 basic ASCII characters, 24-36 CJK characters, or 18 emoji). Please use a shorter password.
+HudsonPrivateSecurityRealm.CreateAccount.BCrypt.PasswordTooLong.ASCII=Password cannot be longer than 72 characters.
+HudsonPrivateSecurityRealm.CreateAccount.BCrypt.PasswordTooLong=Password cannot be longer than 72 characters (a-z, A-Z, 0-9, and basic punctuation; fewer when using other characters, like Chinese characters or emoji).
 HudsonPrivateSecurityRealm.CreateAccount.PasswordRequired=Password is required
 HudsonPrivateSecurityRealm.CreateAccount.UserNameRequired=User name is required
 HudsonPrivateSecurityRealm.CreateAccount.UserNameInvalidCharacters=User name must only contain alphanumeric characters, underscore and dash

core/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java

@@ -157,8 +157,16 @@ public void testJBCryptPasswordMatching() {
     }
 
     @Issue("JENKINS-75533")
-    public void ensureExpectedMessage() {
+    public void ensureExpectedMessageAscii() {
         final IllegalArgumentException ex = Assert.assertThrows(IllegalArgumentException.class, () -> HudsonPrivateSecurityRealm.PASSWORD_HASH_ENCODER.encode("1234567890123456789012345678901234567890123456789012345678901234567890123"));
+        assertThat(ex.getMessage(), is(Messages.HudsonPrivateSecurityRealm_CreateAccount_BCrypt_PasswordTooLong_ASCII()));
+    }
+
+    @Issue("JENKINS-75533")
+    public void ensureExpectedMessageEmoji() {
+        final IllegalArgumentException ex = Assert.assertThrows(IllegalArgumentException.class, () -> HudsonPrivateSecurityRealm.PASSWORD_HASH_ENCODER.encode(
+                "\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20" +
+                        "\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20")); // 🤠
         assertThat(ex.getMessage(), is(Messages.HudsonPrivateSecurityRealm_CreateAccount_BCrypt_PasswordTooLong()));
     }
 }