added check for Both lower and uppercase to prevent passwords simila… (#1287)

Avinash1423 · web-flow · commit 5a26a0e37313 · 2025-12-23T07:55:58.000-08:00
Resolves #1285 by making the username check case-insensitive and improving test clarity. Signed-off-by: Avinash Niyas <avinashNiyaz1423@gmail.com>
diff --git a/src/test/java/org/opensearch/flowframework/FlowFrameworkRestTestCase.java b/src/test/java/org/opensearch/flowframework/FlowFrameworkRestTestCase.java
@@ -356,6 +356,9 @@ protected boolean preserveClusterSettings() {
      * @return a random password.
      */
     public static String generatePassword(String username) {
+
+        String lowerName = username.toLowerCase(Locale.ROOT);
+
         String upperCase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
         String lowerCase = "abcdefghijklmnopqrstuvwxyz";
         String digits = "0123456789";
@@ -371,11 +374,12 @@ public static String generatePassword(String username) {
         password[2] = digits.charAt(rng.nextInt(digits.length()));
         password[3] = special.charAt(rng.nextInt(special.length()));
 
+        // Reject characters that appear in username (case-insensitive)
         for (int i = 4; i < 15; i++) {
             char nextChar;
             do {
                 nextChar = characters.charAt(rng.nextInt(characters.length()));
-            } while (username.indexOf(nextChar) > -1);
+            } while (lowerName.indexOf(Character.toLowerCase(nextChar)) > -1);
             password[i] = nextChar;
         }
 
