Enforce password size limit

2024-06-03 00:54:32 +02:00 · 2023-07-02 10:13:42 -07:00 · 2023-07-02 10:13:42 -07:00 · 30098527b5
commit 30098527b5
parent ae633022ab
10 changed files with 97 additions and 41 deletions
--- a/wise-webapp/src/main/java/com/wisemapping/exceptions/PasswordTooLongException.java
+++ b/wise-webapp/src/main/java/com/wisemapping/exceptions/PasswordTooLongException.java
@ -0,0 +1,37 @@
+/*
+ *    Copyright [2022] [wisemapping]
+ *
+ *   Licensed under WiseMapping Public License, Version 1.0 (the "License").
+ *   It is basically the Apache License, Version 2.0 (the "License") plus the
+ *   "powered by wisemapping" text requirement on every single page;
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the license at
+ *
+ *       http://www.wisemapping.org/license
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ */
+
+package com.wisemapping.exceptions;
+
+
+import javax.validation.constraints.NotNull;
+
+public class PasswordTooLongException
+        extends ClientException {
+    private static final String PASSWORD_TOO_LONG = "PASSWORD_TOO_LONG";
+
+    public PasswordTooLongException() {
+        super("Password length must be less than 40 characters", Severity.WARNING);
+    }
+
+    @NotNull
+    @Override
+    protected String getMsgBundleKey() {
+        return PASSWORD_TOO_LONG;
+    }
+}
--- a/wise-webapp/src/main/java/com/wisemapping/model/User.java
+++ b/wise-webapp/src/main/java/com/wisemapping/model/User.java
@ -32,34 +32,36 @@ public class User
        extends Collaborator
        implements Serializable {

+    public static final int MAX_PASSWORD_LENGTH_SIZE = 40;
+
    private String firstname;
    private String lastname;
    private String password;
    private String locale;
-	
+
    @Column(name = "activation_code")
    private long activationCode;
-	
+
    @Column(name = "activation_date")
    private Calendar activationDate;
-	
+
    @Column(name = "allow_send_email")
    private boolean allowSendEmail = false;
-	
+
    @Column(name = "authentication_type")
    private Character authenticationTypeCode = AuthenticationType.DATABASE.getCode();
-	
+
    @Column(name = "authenticator_uri")
    private String authenticatorUri;
-	
+
    @Column(name = "google_sync")
-	private Boolean googleSync;
+    private Boolean googleSync;

    @Column(name = "sync_code")
-	private String syncCode;
+    private String syncCode;

    @Column(name = "google_token")
-	private String googleToken;
+    private String googleToken;

    public User() {
    }
@ -88,7 +90,7 @@ public class User
        return password;
    }

-    public void setPassword(String password) {
+    public void setPassword(@javax.validation.constraints.NotNull String password) {
        this.password = password;
    }

@ -158,34 +160,34 @@ public class User
    }

    public void setAuthenticationTypeCode(Character authenticationTypeCode) {
-		this.authenticationTypeCode = authenticationTypeCode;
-	}
+        this.authenticationTypeCode = authenticationTypeCode;
+    }

-	public Boolean getGoogleSync() {
-		return googleSync;
-	}
+    public Boolean getGoogleSync() {
+        return googleSync;
+    }

-	public void setGoogleSync(Boolean googleSync) {
-		this.googleSync = googleSync;
-	}
-	
-	public String getSyncCode() {
-		return syncCode;
-	}
-	
-	public void setSyncCode(String syncCode) {
-		this.syncCode = syncCode;
-	}
+    public void setGoogleSync(Boolean googleSync) {
+        this.googleSync = googleSync;
+    }

-	public String getGoogleToken() {
-		return googleToken;
-	}
+    public String getSyncCode() {
+        return syncCode;
+    }

-	public void setGoogleToken(String googleToken) {
-		this.googleToken = googleToken;
-	}
-	
-	@Override
+    public void setSyncCode(String syncCode) {
+        this.syncCode = syncCode;
+    }
+
+    public String getGoogleToken() {
+        return googleToken;
+    }
+
+    public void setGoogleToken(String googleToken) {
+        this.googleToken = googleToken;
+    }
+
+    @Override
    public String toString() {
        return "User{" +
                "firstname='" + firstname + '\'' +
--- a/wise-webapp/src/main/java/com/wisemapping/rest/AccountController.java
+++ b/wise-webapp/src/main/java/com/wisemapping/rest/AccountController.java
@ -18,6 +18,7 @@

 package com.wisemapping.rest;

+import com.wisemapping.exceptions.PasswordTooLongException;
 import com.wisemapping.exceptions.WiseMappingException;
 import com.wisemapping.model.Collaboration;
 import com.wisemapping.model.Label;
@ -55,11 +56,15 @@ public class AccountController extends BaseController {

    @RequestMapping(method = RequestMethod.PUT, value = "account/password", consumes = {"text/plain"})
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
-    public void changePassword(@RequestBody String password) {
+    public void changePassword(@RequestBody String password) throws PasswordTooLongException {
        if (password == null) {
            throw new IllegalArgumentException("Password can not be null");
        }

+        if (password.length() > User.MAX_PASSWORD_LENGTH_SIZE) {
+            throw new PasswordTooLongException();
+        }
+
        final User user = Utils.getUser(true);
        user.setPassword(password);
        userService.changePassword(user);
--- a/wise-webapp/src/main/java/com/wisemapping/rest/UserController.java
+++ b/wise-webapp/src/main/java/com/wisemapping/rest/UserController.java
@ -19,6 +19,7 @@
 package com.wisemapping.rest;

 import com.wisemapping.exceptions.EmailNotExistsException;
+import com.wisemapping.exceptions.PasswordTooLongException;
 import com.wisemapping.exceptions.WiseMappingException;
 import com.wisemapping.model.AuthenticationType;
 import com.wisemapping.model.User;
@ -48,6 +49,7 @@ import java.util.List;
@Controller
@CrossOrigin
 public class UserController extends BaseController {
+
 	@Qualifier("userService")
 	@Autowired
 	private UserService userService;
@ -74,6 +76,10 @@ public class UserController extends BaseController {
 			@NotNull HttpServletResponse response) throws WiseMappingException, BindException {
 		logger.debug("Register new user:" + registration.getEmail());

+		if (registration.getPassword().length() > User.MAX_PASSWORD_LENGTH_SIZE) {
+			throw new PasswordTooLongException();
+		}
+
 		// If tomcat is behind a reverse proxy, ip needs to be found in other header.
 		String remoteIp = request.getHeader(REAL_IP_ADDRESS_HEADER);
 		if (remoteIp == null || remoteIp.isEmpty()) {
--- a/wise-webapp/src/main/resources/messages_de.properties
+++ b/wise-webapp/src/main/resources/messages_de.properties
@ -69,4 +69,5 @@ EMAIL.GREETINGS=Hallo
 OWNER_ROLE_CAN_NOT_BE_CHANGED=Die Rolle des Besitzers kann nicht geöndert werden. Bitte entferne den Besitzer aus der önderungsliste.
 ZOOM_TO_FIT=Einpassen
 ZOOM_OUT=Verkleinern
-ZOOM_IN=Vergrööern
+ZOOM_IN=Vergrööern
+PASSWORD_TOO_LONG=Password must be less than 40 characters.
--- a/wise-webapp/src/main/resources/messages_en.properties
+++ b/wise-webapp/src/main/resources/messages_en.properties
@ -71,4 +71,5 @@ TOO_MANY_INACTIVE_ACCOUNTS=You have shared your mindmaps to more than 20 user th
 OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner from the change list.
 ZOOM_TO_FIT=Zoom to fit
 ZOOM_OUT=Zoom out
-ZOOM_IN=Zoom in
+ZOOM_IN=Zoom in
+PASSWORD_TOO_LONG=Password must be less than 40 characters.
--- a/wise-webapp/src/main/resources/messages_es.properties
+++ b/wise-webapp/src/main/resources/messages_es.properties
@ -69,4 +69,5 @@ EMAIL.GREETINGS=Hola
 OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner from the change list.
 ZOOM_TO_FIT=Centrar
 ZOOM_OUT=Alejar
-ZOOM_IN=Acercar
+ZOOM_IN=Acercar
+PASSWORD_TOO_LONG=Password must be less than 40 characters.
--- a/wise-webapp/src/main/resources/messages_fr.properties
+++ b/wise-webapp/src/main/resources/messages_fr.properties
@ -69,4 +69,5 @@ EMAIL.GREETINGS=Salut
 OWNER_ROLE_CAN_NOT_BE_CHANGED=Le rôle du propriétaire ne peut pas être modifié. Veuillez supprimer le propriétaire de la liste des modifications.
 ZOOM_TO_FIT=Zoomer pour s'adapter
 ZOOM_OUT=Dézoomer
-ZOOM_IN=Agrandir
+ZOOM_IN=Agrandir
+PASSWORD_TOO_LONG=Password must be less than 40 characters.
--- a/wise-webapp/src/main/resources/messages_ru.properties
+++ b/wise-webapp/src/main/resources/messages_ru.properties
@ -63,4 +63,5 @@ EMAIL.GREETINGS=Hi
 OWNER_ROLE_CAN_NOT_BE_CHANGED=Роль владельца изменить нельзя. Пожалуйста, удалите владельца из списка изменений.
 ZOOM_TO_FIT=Увеличить, чтобы соответствовать
 ZOOM_OUT=Уменьшить
-ZOOM_IN=Приблизить
+ZOOM_IN=Приблизить
+PASSWORD_TOO_LONG=Password must be less than 40 characters.
--- a/wise-webapp/src/main/resources/messages_zh.properties
+++ b/wise-webapp/src/main/resources/messages_zh.properties
@ -69,4 +69,5 @@ EMAIL.GREETINGS=你好
 OWNER_ROLE_CAN_NOT_BE_CHANGED=所有者角色无法更改。请从更改列表中删除所有者。
 ZOOM_TO_FIT=缩放以适合
 ZOOM_OUT=缩小
-ZOOM_IN=放大
+ZOOM_IN=放大
+PASSWORD_TOO_LONG=Password must be less than 40 characters.