Enforce password size limit

wise-webapp/src/main/java/com/wisemapping/exceptions/PasswordTooLongException.java

@@ -0,0 +1,37 @@
+/*
+ *    Copyright [2022] [wisemapping]
+ *
+ *   Licensed under WiseMapping Public License, Version 1.0 (the "License").
+ *   It is basically the Apache License, Version 2.0 (the "License") plus the
+ *   "powered by wisemapping" text requirement on every single page;
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the license at
+ *
+ *       http://www.wisemapping.org/license
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ */
+
+package com.wisemapping.exceptions;
+
+
+import javax.validation.constraints.NotNull;
+
+public class PasswordTooLongException
+        extends ClientException {
+    private static final String PASSWORD_TOO_LONG = "PASSWORD_TOO_LONG";
+
+    public PasswordTooLongException() {
+        super("Password length must be less than 40 characters", Severity.WARNING);
+    }
+
+    @NotNull
+    @Override
+    protected String getMsgBundleKey() {
+        return PASSWORD_TOO_LONG;
+    }
+}

wise-webapp/src/main/java/com/wisemapping/model/User.java

@@ -32,6 +32,8 @@ public class User
         extends Collaborator
         implements Serializable {
 
+    public static final int MAX_PASSWORD_LENGTH_SIZE = 40;
+
     private String firstname;
     private String lastname;
     private String password;
@@ -53,13 +55,13 @@ public class User
     private String authenticatorUri;
 
     @Column(name = "google_sync")
-	private Boolean googleSync;
+    private Boolean googleSync;
 
     @Column(name = "sync_code")
-	private String syncCode;
+    private String syncCode;
 
     @Column(name = "google_token")
-	private String googleToken;
+    private String googleToken;
 
     public User() {
     }
@@ -88,7 +90,7 @@ public class User
         return password;
     }
 
-    public void setPassword(String password) {
+    public void setPassword(@javax.validation.constraints.NotNull String password) {
         this.password = password;
     }
 
@@ -158,34 +160,34 @@ public class User
     }
 
     public void setAuthenticationTypeCode(Character authenticationTypeCode) {
-		this.authenticationTypeCode = authenticationTypeCode;
-	}
+        this.authenticationTypeCode = authenticationTypeCode;
+    }
 
-	public Boolean getGoogleSync() {
-		return googleSync;
-	}
+    public Boolean getGoogleSync() {
+        return googleSync;
+    }
 
-	public void setGoogleSync(Boolean googleSync) {
-		this.googleSync = googleSync;
-	}
+    public void setGoogleSync(Boolean googleSync) {
+        this.googleSync = googleSync;
+    }
 
-	public String getSyncCode() {
-		return syncCode;
-	}
+    public String getSyncCode() {
+        return syncCode;
+    }
 
-	public void setSyncCode(String syncCode) {
-		this.syncCode = syncCode;
-	}
+    public void setSyncCode(String syncCode) {
+        this.syncCode = syncCode;
+    }
 
-	public String getGoogleToken() {
-		return googleToken;
-	}
+    public String getGoogleToken() {
+        return googleToken;
+    }
 
-	public void setGoogleToken(String googleToken) {
-		this.googleToken = googleToken;
-	}
+    public void setGoogleToken(String googleToken) {
+        this.googleToken = googleToken;
+    }
 
-	@Override
+    @Override
     public String toString() {
         return "User{" +
                 "firstname='" + firstname + '\'' +

wise-webapp/src/main/java/com/wisemapping/rest/AccountController.java

@@ -18,6 +18,7 @@
 
 package com.wisemapping.rest;
 
+import com.wisemapping.exceptions.PasswordTooLongException;
 import com.wisemapping.exceptions.WiseMappingException;
 import com.wisemapping.model.Collaboration;
 import com.wisemapping.model.Label;
@@ -55,11 +56,15 @@ public class AccountController extends BaseController {
 
     @RequestMapping(method = RequestMethod.PUT, value = "account/password", consumes = {"text/plain"})
     @ResponseStatus(value = HttpStatus.NO_CONTENT)
-    public void changePassword(@RequestBody String password) {
+    public void changePassword(@RequestBody String password) throws PasswordTooLongException {
         if (password == null) {
             throw new IllegalArgumentException("Password can not be null");
         }
 
+        if (password.length() > User.MAX_PASSWORD_LENGTH_SIZE) {
+            throw new PasswordTooLongException();
+        }
+
         final User user = Utils.getUser(true);
         user.setPassword(password);
         userService.changePassword(user);

wise-webapp/src/main/java/com/wisemapping/rest/UserController.java

@@ -19,6 +19,7 @@
 package com.wisemapping.rest;
 
 import com.wisemapping.exceptions.EmailNotExistsException;
+import com.wisemapping.exceptions.PasswordTooLongException;
 import com.wisemapping.exceptions.WiseMappingException;
 import com.wisemapping.model.AuthenticationType;
 import com.wisemapping.model.User;
@@ -48,6 +49,7 @@ import java.util.List;
 @Controller
 @CrossOrigin
 public class UserController extends BaseController {
+
 	@Qualifier("userService")
 	@Autowired
 	private UserService userService;
@@ -74,6 +76,10 @@ public class UserController extends BaseController {
 			@NotNull HttpServletResponse response) throws WiseMappingException, BindException {
 		logger.debug("Register new user:" + registration.getEmail());
 
+		if (registration.getPassword().length() > User.MAX_PASSWORD_LENGTH_SIZE) {
+			throw new PasswordTooLongException();
+		}
+
 		// If tomcat is behind a reverse proxy, ip needs to be found in other header.
 		String remoteIp = request.getHeader(REAL_IP_ADDRESS_HEADER);
 		if (remoteIp == null || remoteIp.isEmpty()) {

wise-webapp/src/main/resources/messages_de.properties

@@ -70,3 +70,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Die Rolle des Besitzers kann nicht geöndert werde
 ZOOM_TO_FIT=Einpassen
 ZOOM_OUT=Verkleinern
 ZOOM_IN=Vergrööern
+PASSWORD_TOO_LONG=Password must be less than 40 characters.

wise-webapp/src/main/resources/messages_en.properties

@@ -72,3 +72,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner
 ZOOM_TO_FIT=Zoom to fit
 ZOOM_OUT=Zoom out
 ZOOM_IN=Zoom in
+PASSWORD_TOO_LONG=Password must be less than 40 characters.

wise-webapp/src/main/resources/messages_es.properties

@@ -70,3 +70,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner
 ZOOM_TO_FIT=Centrar
 ZOOM_OUT=Alejar
 ZOOM_IN=Acercar
+PASSWORD_TOO_LONG=Password must be less than 40 characters.

wise-webapp/src/main/resources/messages_fr.properties

@@ -70,3 +70,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Le rôle du propriétaire ne peut pas être modifi
 ZOOM_TO_FIT=Zoomer pour s'adapter
 ZOOM_OUT=Dézoomer
 ZOOM_IN=Agrandir
+PASSWORD_TOO_LONG=Password must be less than 40 characters.

wise-webapp/src/main/resources/messages_ru.properties

@@ -64,3 +64,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=Роль владельца изменить не
 ZOOM_TO_FIT=Увеличить, чтобы соответствовать
 ZOOM_OUT=Уменьшить
 ZOOM_IN=Приблизить
+PASSWORD_TOO_LONG=Password must be less than 40 characters.

wise-webapp/src/main/resources/messages_zh.properties

@@ -70,3 +70,4 @@ OWNER_ROLE_CAN_NOT_BE_CHANGED=所有者角色无法更改。请从更改列表
 ZOOM_TO_FIT=缩放以适合
 ZOOM_OUT=缩小
 ZOOM_IN=放大
+PASSWORD_TOO_LONG=Password must be less than 40 characters.