Enforce password size limit

Paulo Gustavo Veiga 2023-07-02 10:13:42 -07:00
parent ae633022ab
commit 30098527b5
10 changed files with 97 additions and 41 deletions


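--- a/com/wisemapping/exceptions/PasswordTooLongException.java
+++ b/com/wisemapping/exceptions/PasswordTooLongException.java
@@ -0,0 +1,37 @@
+/*
+* Copyright [2022] [wisemapping]
+*
+* Licensed under WiseMapping Public License, Version 1.0 (the "License").
+* It is basically the Apache License, Version 2.0 (the "License") plus the
+* "powered by wisemapping" text requirement on every single page;
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the license at
+*
+* http://www.wisemapping.org/license
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package com.wisemapping.exceptions;
+import javax.validation.constraints.NotNull;
+public class PasswordTooLongException
+extends ClientException {
+private static final String PASSWORD_TOO_LONG = "PASSWORD_TOO_LONG";
+public PasswordTooLongException() {
+super("Password length must be less than 40 characters", Severity.WARNING);
+}
+@NotNull
+@Override
+protected String getMsgBundleKey() {
+return PASSWORD_TOO_LONG;
+}
+}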
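Review bot: The constructor message "Password length must be less than 40 characters" disagrees with the checks that throw this exception, which use `password.length() > User.MAX_PASSWORD_LENGTH_SIZE` in AccountController and UserController and therefore accept a 40-character password; the same wording is in every PASSWORD_TOO_LONG bundle entry added by this commit. Either the message should read `super("Password length must be at most 40 characters", Severity.WARNING);` or the comparison should be `>=`, and the two should be kept in sync deliberately since the literal 40 here duplicates the constant in User. The class also lacks a Javadoc; a one-line `/** Thrown when a client-supplied plaintext password exceeds {@code User.MAX_PASSWORD_LENGTH_SIZE}; reported to the client as a warning via the PASSWORD_TOO_LONG bundle key. */` would tell the next reader where the limit lives.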


@ -32,6 +32,8 @@ public class User
extends Collaborator extends Collaborator
implements Serializable { implements Serializable {
public static final int MAX_PASSWORD_LENGTH_SIZE = 40;
private String firstname; private String firstname;
private String lastname; private String lastname;
private String password; private String password;
@ -53,13 +55,13 @@ public class User
private String authenticatorUri; private String authenticatorUri;
@Column(name = "google_sync") @Column(name = "google_sync")
private Boolean googleSync; private Boolean googleSync;
@Column(name = "sync_code") @Column(name = "sync_code")
private String syncCode; private String syncCode;
@Column(name = "google_token") @Column(name = "google_token")
private String googleToken; private String googleToken;
public User() { public User() {
} }
@ -88,7 +90,7 @@ public class User
return password; return password;
} }
public void setPassword(String password) { public void setPassword(@javax.validation.constraints.NotNull String password) {
this.password = password; this.password = password;
} }
@ -158,34 +160,34 @@ public class User
} }
public void setAuthenticationTypeCode(Character authenticationTypeCode) { public void setAuthenticationTypeCode(Character authenticationTypeCode) {
this.authenticationTypeCode = authenticationTypeCode; this.authenticationTypeCode = authenticationTypeCode;
} }
public Boolean getGoogleSync() { public Boolean getGoogleSync() {
return googleSync; return googleSync;
} }
public void setGoogleSync(Boolean googleSync) { public void setGoogleSync(Boolean googleSync) {
this.googleSync = googleSync; this.googleSync = googleSync;
} }
public String getSyncCode() { public String getSyncCode() {
return syncCode; return syncCode;
} }
public void setSyncCode(String syncCode) { public void setSyncCode(String syncCode) {
this.syncCode = syncCode; this.syncCode = syncCode;
} }
public String getGoogleToken() { public String getGoogleToken() {
return googleToken; return googleToken;
} }
public void setGoogleToken(String googleToken) { public void setGoogleToken(String googleToken) {
this.googleToken = googleToken; this.googleToken = googleToken;
} }
@Override @Override
public String toString() { public String toString() {
return "User{" + return "User{" +
"firstname='" + firstname + '\'' + "firstname='" + firstname + '\'' +
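Review bot: The new `@javax.validation.constraints.NotNull` on the `setPassword` parameter in the `-88,7 +90,7` hunk is only checked if Bean Validation method interception is active for this class, which is not visible here and is not typical for a JPA entity, so as written it documents intent rather than enforcing it; `Objects.requireNonNull(password, "password");` inside the setter would make the contract real. The annotation is also written fully qualified while `@Column` in the same file is imported, so an import would match the file's style. Separately, `MAX_PASSWORD_LENGTH_SIZE` is enforced only by the two controllers touched in this commit, so any other caller of `setPassword` (presumably password reset or admin paths) bypasses the limit; a Javadoc on the constant stating that it bounds the client-supplied plaintext and that callers are expected to check it would at least make that explicit. The `toString` hunk at the end of this section is cut off on this page.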


@ -18,6 +18,7 @@
package com.wisemapping.rest; package com.wisemapping.rest;
import com.wisemapping.exceptions.PasswordTooLongException;
import com.wisemapping.exceptions.WiseMappingException; import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.Collaboration; import com.wisemapping.model.Collaboration;
import com.wisemapping.model.Label; import com.wisemapping.model.Label;
@ -55,11 +56,15 @@ public class AccountController extends BaseController {
@RequestMapping(method = RequestMethod.PUT, value = "account/password", consumes = {"text/plain"}) @RequestMapping(method = RequestMethod.PUT, value = "account/password", consumes = {"text/plain"})
@ResponseStatus(value = HttpStatus.NO_CONTENT) @ResponseStatus(value = HttpStatus.NO_CONTENT)
public void changePassword(@RequestBody String password) { public void changePassword(@RequestBody String password) throws PasswordTooLongException {
if (password == null) { if (password == null) {
throw new IllegalArgumentException("Password can not be null"); throw new IllegalArgumentException("Password can not be null");
} }
if (password.length() > User.MAX_PASSWORD_LENGTH_SIZE) {
throw new PasswordTooLongException();
}
final User user = Utils.getUser(true); final User user = Utils.getUser(true);
user.setPassword(password); user.setPassword(password);
userService.changePassword(user); userService.changePassword(user);
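Review bot: The length check added at `if (password.length() > User.MAX_PASSWORD_LENGTH_SIZE)` is duplicated verbatim in UserController's registration path in this same commit, and both sit in controllers rather than in the one place every password write passes through (`User.setPassword` or `userService.changePassword`); a single static helper such as `User.checkPasswordLength(String)` that throws `PasswordTooLongException`, called from both controllers, would keep the rule from drifting when a third entry point appears. The two guards in this method also map the same class of bad input differently: a null body becomes an `IllegalArgumentException`, an over-long one becomes a `ClientException` with `Severity.WARNING`, so the client presumably sees different status codes for what is the same validation concern. `changePassword` continues past the end of this hunk.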


@ -19,6 +19,7 @@
package com.wisemapping.rest; package com.wisemapping.rest;
import com.wisemapping.exceptions.EmailNotExistsException; import com.wisemapping.exceptions.EmailNotExistsException;
import com.wisemapping.exceptions.PasswordTooLongException;
import com.wisemapping.exceptions.WiseMappingException; import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.AuthenticationType; import com.wisemapping.model.AuthenticationType;
import com.wisemapping.model.User; import com.wisemapping.model.User;
@ -48,6 +49,7 @@ import java.util.List;
@Controller @Controller
@CrossOrigin @CrossOrigin
public class UserController extends BaseController { public class UserController extends BaseController {
@Qualifier("userService") @Qualifier("userService")
@Autowired @Autowired
private UserService userService; private UserService userService;
@ -74,6 +76,10 @@ public class UserController extends BaseController {
@NotNull HttpServletResponse response) throws WiseMappingException, BindException { @NotNull HttpServletResponse response) throws WiseMappingException, BindException {
logger.debug("Register new user:" + registration.getEmail()); logger.debug("Register new user:" + registration.getEmail());
if (registration.getPassword().length() > User.MAX_PASSWORD_LENGTH_SIZE) {
throw new PasswordTooLongException();
}
// If tomcat is behind a reverse proxy, ip needs to be found in other header. // If tomcat is behind a reverse proxy, ip needs to be found in other header.
String remoteIp = request.getHeader(REAL_IP_ADDRESS_HEADER); String remoteIp = request.getHeader(REAL_IP_ADDRESS_HEADER);
if (remoteIp == null || remoteIp.isEmpty()) { if (remoteIp == null || remoteIp.isEmpty()) {
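Review bot: `registration.getPassword().length()` at the new check will throw a NullPointerException if the registration payload arrives without a password and the DTO has not been validated before this line; the method declares `BindException`, which suggests a validator runs somewhere, but that call is not visible in this hunk, so whether null has already been rejected cannot be confirmed from here. A null-safe form such as `final String password = registration.getPassword(); if (password != null && password.length() > User.MAX_PASSWORD_LENGTH_SIZE) {` would keep the existing validation responsible for the null case. The method body begins before and continues after this hunk.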


@ -70,3 +70,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Die Rolle des Besitzers kann nicht geöndert werde
ZOOM_TO_FIT=Einpassen ZOOM_TO_FIT=Einpassen
ZOOM_OUT=Verkleinern ZOOM_OUT=Verkleinern
ZOOM_IN=Vergrööern ZOOM_IN=Vergrööern
PASSWORD_TOO_LONG=Password must be less than 40 characters.


@ -72,3 +72,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner
ZOOM_TO_FIT=Zoom to fit ZOOM_TO_FIT=Zoom to fit
ZOOM_OUT=Zoom out ZOOM_OUT=Zoom out
ZOOM_IN=Zoom in ZOOM_IN=Zoom in
PASSWORD_TOO_LONG=Password must be less than 40 characters.


@ -70,3 +70,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner
ZOOM_TO_FIT=Centrar ZOOM_TO_FIT=Centrar
ZOOM_OUT=Alejar ZOOM_OUT=Alejar
ZOOM_IN=Acercar ZOOM_IN=Acercar
PASSWORD_TOO_LONG=Password must be less than 40 characters.


@ -70,3 +70,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Le rôle du propriétaire ne peut pas être modifi
ZOOM_TO_FIT=Zoomer pour s'adapter ZOOM_TO_FIT=Zoomer pour s'adapter
ZOOM_OUT=Dézoomer ZOOM_OUT=Dézoomer
ZOOM_IN=Agrandir ZOOM_IN=Agrandir
PASSWORD_TOO_LONG=Password must be less than 40 characters.


@ -64,3 +64,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Роль владельца изменить не
ZOOM_TO_FIT=Увеличить, чтобы соответствовать ZOOM_TO_FIT=Увеличить, чтобы соответствовать
ZOOM_OUT=Уменьшить ZOOM_OUT=Уменьшить
ZOOM_IN=Приблизить ZOOM_IN=Приблизить
PASSWORD_TOO_LONG=Password must be less than 40 characters.


@ -70,3 +70,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=所有者角色无法更改。请从更改列表
ZOOM_TO_FIT=缩放以适合 ZOOM_TO_FIT=缩放以适合
ZOOM_OUT=缩小 ZOOM_OUT=缩小
ZOOM_IN=放大 ZOOM_IN=放大
PASSWORD_TOO_LONG=Password must be less than 40 characters.