Enforce password size limit

This commit is contained in:
Paulo Gustavo Veiga 2023-07-02 10:13:42 -07:00
parent ae633022ab
commit 30098527b5
10 changed files with 97 additions and 41 deletions

View File

@ -0,0 +1,37 @@
/*
* Copyright [2022] [wisemapping]
*
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
* It is basically the Apache License, Version 2.0 (the "License") plus the
* "powered by wisemapping" text requirement on every single page;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the license at
*
* http://www.wisemapping.org/license
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.wisemapping.exceptions;
import javax.validation.constraints.NotNull;
public class PasswordTooLongException
extends ClientException {
private static final String PASSWORD_TOO_LONG = "PASSWORD_TOO_LONG";
public PasswordTooLongException() {
super("Password length must be less than 40 characters", Severity.WARNING);
}
@NotNull
@Override
protected String getMsgBundleKey() {
return PASSWORD_TOO_LONG;
}
}

View File

@ -32,6 +32,8 @@ public class User
extends Collaborator
implements Serializable {
public static final int MAX_PASSWORD_LENGTH_SIZE = 40;
private String firstname;
private String lastname;
private String password;
@ -88,7 +90,7 @@ public class User
return password;
}
public void setPassword(String password) {
public void setPassword(@javax.validation.constraints.NotNull String password) {
this.password = password;
}

View File

@ -18,6 +18,7 @@
package com.wisemapping.rest;
import com.wisemapping.exceptions.PasswordTooLongException;
import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.Collaboration;
import com.wisemapping.model.Label;
@ -55,11 +56,15 @@ public class AccountController extends BaseController {
@RequestMapping(method = RequestMethod.PUT, value = "account/password", consumes = {"text/plain"})
@ResponseStatus(value = HttpStatus.NO_CONTENT)
public void changePassword(@RequestBody String password) {
public void changePassword(@RequestBody String password) throws PasswordTooLongException {
if (password == null) {
throw new IllegalArgumentException("Password can not be null");
}
if (password.length() > User.MAX_PASSWORD_LENGTH_SIZE) {
throw new PasswordTooLongException();
}
final User user = Utils.getUser(true);
user.setPassword(password);
userService.changePassword(user);

View File

@ -19,6 +19,7 @@
package com.wisemapping.rest;
import com.wisemapping.exceptions.EmailNotExistsException;
import com.wisemapping.exceptions.PasswordTooLongException;
import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.AuthenticationType;
import com.wisemapping.model.User;
@ -48,6 +49,7 @@ import java.util.List;
@Controller
@CrossOrigin
public class UserController extends BaseController {
@Qualifier("userService")
@Autowired
private UserService userService;
@ -74,6 +76,10 @@ public class UserController extends BaseController {
@NotNull HttpServletResponse response) throws WiseMappingException, BindException {
logger.debug("Register new user:" + registration.getEmail());
if (registration.getPassword().length() > User.MAX_PASSWORD_LENGTH_SIZE) {
throw new PasswordTooLongException();
}
// If tomcat is behind a reverse proxy, ip needs to be found in other header.
String remoteIp = request.getHeader(REAL_IP_ADDRESS_HEADER);
if (remoteIp == null || remoteIp.isEmpty()) {

View File

@ -70,3 +70,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Die Rolle des Besitzers kann nicht geöndert werde
ZOOM_TO_FIT=Einpassen
ZOOM_OUT=Verkleinern
ZOOM_IN=Vergrööern
PASSWORD_TOO_LONG=Password must be less than 40 characters.

View File

@ -72,3 +72,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner
ZOOM_TO_FIT=Zoom to fit
ZOOM_OUT=Zoom out
ZOOM_IN=Zoom in
PASSWORD_TOO_LONG=Password must be less than 40 characters.

View File

@ -70,3 +70,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner
ZOOM_TO_FIT=Centrar
ZOOM_OUT=Alejar
ZOOM_IN=Acercar
PASSWORD_TOO_LONG=Password must be less than 40 characters.

View File

@ -70,3 +70,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Le rôle du propriétaire ne peut pas être modifi
ZOOM_TO_FIT=Zoomer pour s'adapter
ZOOM_OUT=Dézoomer
ZOOM_IN=Agrandir
PASSWORD_TOO_LONG=Password must be less than 40 characters.

View File

@ -64,3 +64,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Роль владельца изменить не
ZOOM_TO_FIT=Увеличить, чтобы соответствовать
ZOOM_OUT=Уменьшить
ZOOM_IN=Приблизить
PASSWORD_TOO_LONG=Password must be less than 40 characters.

View File

@ -70,3 +70,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=所有者角色无法更改。请从更改列表
ZOOM_TO_FIT=缩放以适合
ZOOM_OUT=缩小
ZOOM_IN=放大
PASSWORD_TOO_LONG=Password must be less than 40 characters.