Enforce password size limit

This commit is contained in:
Paulo Gustavo Veiga 2023-07-02 10:13:42 -07:00
parent ae633022ab
commit 30098527b5
10 changed files with 97 additions and 41 deletions

View File

@ -0,0 +1,37 @@
/*
* Copyright [2022] [wisemapping]
*
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
* It is basically the Apache License, Version 2.0 (the "License") plus the
* "powered by wisemapping" text requirement on every single page;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the license at
*
* http://www.wisemapping.org/license
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.wisemapping.exceptions;
import javax.validation.constraints.NotNull;
public class PasswordTooLongException
extends ClientException {
private static final String PASSWORD_TOO_LONG = "PASSWORD_TOO_LONG";
public PasswordTooLongException() {
super("Password length must be less than 40 characters", Severity.WARNING);
}
@NotNull
@Override
protected String getMsgBundleKey() {
return PASSWORD_TOO_LONG;
}
}

View File

@ -32,34 +32,36 @@ public class User
extends Collaborator
implements Serializable {
public static final int MAX_PASSWORD_LENGTH_SIZE = 40;
private String firstname;
private String lastname;
private String password;
private String locale;
@Column(name = "activation_code")
private long activationCode;
@Column(name = "activation_date")
private Calendar activationDate;
@Column(name = "allow_send_email")
private boolean allowSendEmail = false;
@Column(name = "authentication_type")
private Character authenticationTypeCode = AuthenticationType.DATABASE.getCode();
@Column(name = "authenticator_uri")
private String authenticatorUri;
@Column(name = "google_sync")
private Boolean googleSync;
private Boolean googleSync;
@Column(name = "sync_code")
private String syncCode;
private String syncCode;
@Column(name = "google_token")
private String googleToken;
private String googleToken;
public User() {
}
@ -88,7 +90,7 @@ public class User
return password;
}
public void setPassword(String password) {
public void setPassword(@javax.validation.constraints.NotNull String password) {
this.password = password;
}
@ -158,34 +160,34 @@ public class User
}
public void setAuthenticationTypeCode(Character authenticationTypeCode) {
this.authenticationTypeCode = authenticationTypeCode;
}
this.authenticationTypeCode = authenticationTypeCode;
}
public Boolean getGoogleSync() {
return googleSync;
}
public Boolean getGoogleSync() {
return googleSync;
}
public void setGoogleSync(Boolean googleSync) {
this.googleSync = googleSync;
}
public String getSyncCode() {
return syncCode;
}
public void setSyncCode(String syncCode) {
this.syncCode = syncCode;
}
public void setGoogleSync(Boolean googleSync) {
this.googleSync = googleSync;
}
public String getGoogleToken() {
return googleToken;
}
public String getSyncCode() {
return syncCode;
}
public void setGoogleToken(String googleToken) {
this.googleToken = googleToken;
}
@Override
public void setSyncCode(String syncCode) {
this.syncCode = syncCode;
}
public String getGoogleToken() {
return googleToken;
}
public void setGoogleToken(String googleToken) {
this.googleToken = googleToken;
}
@Override
public String toString() {
return "User{" +
"firstname='" + firstname + '\'' +

View File

@ -18,6 +18,7 @@
package com.wisemapping.rest;
import com.wisemapping.exceptions.PasswordTooLongException;
import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.Collaboration;
import com.wisemapping.model.Label;
@ -55,11 +56,15 @@ public class AccountController extends BaseController {
@RequestMapping(method = RequestMethod.PUT, value = "account/password", consumes = {"text/plain"})
@ResponseStatus(value = HttpStatus.NO_CONTENT)
public void changePassword(@RequestBody String password) {
public void changePassword(@RequestBody String password) throws PasswordTooLongException {
if (password == null) {
throw new IllegalArgumentException("Password can not be null");
}
if (password.length() > User.MAX_PASSWORD_LENGTH_SIZE) {
throw new PasswordTooLongException();
}
final User user = Utils.getUser(true);
user.setPassword(password);
userService.changePassword(user);

View File

@ -19,6 +19,7 @@
package com.wisemapping.rest;
import com.wisemapping.exceptions.EmailNotExistsException;
import com.wisemapping.exceptions.PasswordTooLongException;
import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.AuthenticationType;
import com.wisemapping.model.User;
@ -48,6 +49,7 @@ import java.util.List;
@Controller
@CrossOrigin
public class UserController extends BaseController {
@Qualifier("userService")
@Autowired
private UserService userService;
@ -74,6 +76,10 @@ public class UserController extends BaseController {
@NotNull HttpServletResponse response) throws WiseMappingException, BindException {
logger.debug("Register new user:" + registration.getEmail());
if (registration.getPassword().length() > User.MAX_PASSWORD_LENGTH_SIZE) {
throw new PasswordTooLongException();
}
// If tomcat is behind a reverse proxy, ip needs to be found in other header.
String remoteIp = request.getHeader(REAL_IP_ADDRESS_HEADER);
if (remoteIp == null || remoteIp.isEmpty()) {

View File

@ -69,4 +69,5 @@ EMAIL.GREETINGS=Hallo
OWNER_ROLE_CAN_NOT_BE_CHANGED=Die Rolle des Besitzers kann nicht geöndert werden. Bitte entferne den Besitzer aus der önderungsliste.
ZOOM_TO_FIT=Einpassen
ZOOM_OUT=Verkleinern
ZOOM_IN=Vergrööern
ZOOM_IN=Vergrööern
PASSWORD_TOO_LONG=Password must be less than 40 characters.

View File

@ -71,4 +71,5 @@ TOO_MANY_INACTIVE_ACCOUNTS=You have shared your mindmaps to more than 20 user th
OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner from the change list.
ZOOM_TO_FIT=Zoom to fit
ZOOM_OUT=Zoom out
ZOOM_IN=Zoom in
ZOOM_IN=Zoom in
PASSWORD_TOO_LONG=Password must be less than 40 characters.

View File

@ -69,4 +69,5 @@ EMAIL.GREETINGS=Hola
OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner from the change list.
ZOOM_TO_FIT=Centrar
ZOOM_OUT=Alejar
ZOOM_IN=Acercar
ZOOM_IN=Acercar
PASSWORD_TOO_LONG=Password must be less than 40 characters.

View File

@ -69,4 +69,5 @@ EMAIL.GREETINGS=Salut
OWNER_ROLE_CAN_NOT_BE_CHANGED=Le rôle du propriétaire ne peut pas être modifié. Veuillez supprimer le propriétaire de la liste des modifications.
ZOOM_TO_FIT=Zoomer pour s'adapter
ZOOM_OUT=Dézoomer
ZOOM_IN=Agrandir
ZOOM_IN=Agrandir
PASSWORD_TOO_LONG=Password must be less than 40 characters.

View File

@ -63,4 +63,5 @@ EMAIL.GREETINGS=Hi
OWNER_ROLE_CAN_NOT_BE_CHANGED=Роль владельца изменить нельзя. Пожалуйста, удалите владельца из списка изменений.
ZOOM_TO_FIT=Увеличить, чтобы соответствовать
ZOOM_OUT=Уменьшить
ZOOM_IN=Приблизить
ZOOM_IN=Приблизить
PASSWORD_TOO_LONG=Password must be less than 40 characters.

View File

@ -69,4 +69,5 @@ EMAIL.GREETINGS=你好
OWNER_ROLE_CAN_NOT_BE_CHANGED=所有者角色无法更改。请从更改列表中删除所有者。
ZOOM_TO_FIT=缩放以适合
ZOOM_OUT=缩小
ZOOM_IN=放大
ZOOM_IN=放大
PASSWORD_TOO_LONG=Password must be less than 40 characters.