Enforce password size limit
parent
ae633022ab
commit
30098527b5
|
@ -0,0 +1,37 @@
|
||||||
|
/*
|
||||||
|
* Copyright [2022] [wisemapping]
|
||||||
|
*
|
||||||
|
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
|
||||||
|
* It is basically the Apache License, Version 2.0 (the "License") plus the
|
||||||
|
* "powered by wisemapping" text requirement on every single page;
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the license at
|
||||||
|
*
|
||||||
|
* http://www.wisemapping.org/license
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package com.wisemapping.exceptions;
|
||||||
|
|
||||||
|
|
||||||
|
import javax.validation.constraints.NotNull;
|
||||||
|
|
||||||
|
public class PasswordTooLongException
|
||||||
|
extends ClientException {
|
||||||
|
private static final String PASSWORD_TOO_LONG = "PASSWORD_TOO_LONG";
|
||||||
|
|
||||||
|
public PasswordTooLongException() {
|
||||||
|
super("Password length must be less than 40 characters", Severity.WARNING);
|
||||||
|
}
|
||||||
|
|
||||||
|
@NotNull
|
||||||
|
@Override
|
||||||
|
protected String getMsgBundleKey() {
|
||||||
|
return PASSWORD_TOO_LONG;
|
||||||
|
}
|
||||||
|
}
|
|
@ -32,34 +32,36 @@ public class User
|
||||||
extends Collaborator
|
extends Collaborator
|
||||||
implements Serializable {
|
implements Serializable {
|
||||||
|
|
||||||
|
public static final int MAX_PASSWORD_LENGTH_SIZE = 40;
|
||||||
|
|
||||||
private String firstname;
|
private String firstname;
|
||||||
private String lastname;
|
private String lastname;
|
||||||
private String password;
|
private String password;
|
||||||
private String locale;
|
private String locale;
|
||||||
|
|
||||||
@Column(name = "activation_code")
|
@Column(name = "activation_code")
|
||||||
private long activationCode;
|
private long activationCode;
|
||||||
|
|
||||||
@Column(name = "activation_date")
|
@Column(name = "activation_date")
|
||||||
private Calendar activationDate;
|
private Calendar activationDate;
|
||||||
|
|
||||||
@Column(name = "allow_send_email")
|
@Column(name = "allow_send_email")
|
||||||
private boolean allowSendEmail = false;
|
private boolean allowSendEmail = false;
|
||||||
|
|
||||||
@Column(name = "authentication_type")
|
@Column(name = "authentication_type")
|
||||||
private Character authenticationTypeCode = AuthenticationType.DATABASE.getCode();
|
private Character authenticationTypeCode = AuthenticationType.DATABASE.getCode();
|
||||||
|
|
||||||
@Column(name = "authenticator_uri")
|
@Column(name = "authenticator_uri")
|
||||||
private String authenticatorUri;
|
private String authenticatorUri;
|
||||||
|
|
||||||
@Column(name = "google_sync")
|
@Column(name = "google_sync")
|
||||||
private Boolean googleSync;
|
private Boolean googleSync;
|
||||||
|
|
||||||
@Column(name = "sync_code")
|
@Column(name = "sync_code")
|
||||||
private String syncCode;
|
private String syncCode;
|
||||||
|
|
||||||
@Column(name = "google_token")
|
@Column(name = "google_token")
|
||||||
private String googleToken;
|
private String googleToken;
|
||||||
|
|
||||||
public User() {
|
public User() {
|
||||||
}
|
}
|
||||||
|
@ -88,7 +90,7 @@ public class User
|
||||||
return password;
|
return password;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setPassword(String password) {
|
public void setPassword(@javax.validation.constraints.NotNull String password) {
|
||||||
this.password = password;
|
this.password = password;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -158,34 +160,34 @@ public class User
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setAuthenticationTypeCode(Character authenticationTypeCode) {
|
public void setAuthenticationTypeCode(Character authenticationTypeCode) {
|
||||||
this.authenticationTypeCode = authenticationTypeCode;
|
this.authenticationTypeCode = authenticationTypeCode;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Boolean getGoogleSync() {
|
public Boolean getGoogleSync() {
|
||||||
return googleSync;
|
return googleSync;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setGoogleSync(Boolean googleSync) {
|
public void setGoogleSync(Boolean googleSync) {
|
||||||
this.googleSync = googleSync;
|
this.googleSync = googleSync;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getSyncCode() {
|
|
||||||
return syncCode;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setSyncCode(String syncCode) {
|
|
||||||
this.syncCode = syncCode;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getGoogleToken() {
|
public String getSyncCode() {
|
||||||
return googleToken;
|
return syncCode;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setGoogleToken(String googleToken) {
|
public void setSyncCode(String syncCode) {
|
||||||
this.googleToken = googleToken;
|
this.syncCode = syncCode;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
public String getGoogleToken() {
|
||||||
|
return googleToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setGoogleToken(String googleToken) {
|
||||||
|
this.googleToken = googleToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
public String toString() {
|
public String toString() {
|
||||||
return "User{" +
|
return "User{" +
|
||||||
"firstname='" + firstname + '\'' +
|
"firstname='" + firstname + '\'' +
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
|
|
||||||
package com.wisemapping.rest;
|
package com.wisemapping.rest;
|
||||||
|
|
||||||
|
import com.wisemapping.exceptions.PasswordTooLongException;
|
||||||
import com.wisemapping.exceptions.WiseMappingException;
|
import com.wisemapping.exceptions.WiseMappingException;
|
||||||
import com.wisemapping.model.Collaboration;
|
import com.wisemapping.model.Collaboration;
|
||||||
import com.wisemapping.model.Label;
|
import com.wisemapping.model.Label;
|
||||||
|
@ -55,11 +56,15 @@ public class AccountController extends BaseController {
|
||||||
|
|
||||||
@RequestMapping(method = RequestMethod.PUT, value = "account/password", consumes = {"text/plain"})
|
@RequestMapping(method = RequestMethod.PUT, value = "account/password", consumes = {"text/plain"})
|
||||||
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
||||||
public void changePassword(@RequestBody String password) {
|
public void changePassword(@RequestBody String password) throws PasswordTooLongException {
|
||||||
if (password == null) {
|
if (password == null) {
|
||||||
throw new IllegalArgumentException("Password can not be null");
|
throw new IllegalArgumentException("Password can not be null");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (password.length() > User.MAX_PASSWORD_LENGTH_SIZE) {
|
||||||
|
throw new PasswordTooLongException();
|
||||||
|
}
|
||||||
|
|
||||||
final User user = Utils.getUser(true);
|
final User user = Utils.getUser(true);
|
||||||
user.setPassword(password);
|
user.setPassword(password);
|
||||||
userService.changePassword(user);
|
userService.changePassword(user);
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
package com.wisemapping.rest;
|
package com.wisemapping.rest;
|
||||||
|
|
||||||
import com.wisemapping.exceptions.EmailNotExistsException;
|
import com.wisemapping.exceptions.EmailNotExistsException;
|
||||||
|
import com.wisemapping.exceptions.PasswordTooLongException;
|
||||||
import com.wisemapping.exceptions.WiseMappingException;
|
import com.wisemapping.exceptions.WiseMappingException;
|
||||||
import com.wisemapping.model.AuthenticationType;
|
import com.wisemapping.model.AuthenticationType;
|
||||||
import com.wisemapping.model.User;
|
import com.wisemapping.model.User;
|
||||||
|
@ -48,6 +49,7 @@ import java.util.List;
|
||||||
@Controller
|
@Controller
|
||||||
@CrossOrigin
|
@CrossOrigin
|
||||||
public class UserController extends BaseController {
|
public class UserController extends BaseController {
|
||||||
|
|
||||||
@Qualifier("userService")
|
@Qualifier("userService")
|
||||||
@Autowired
|
@Autowired
|
||||||
private UserService userService;
|
private UserService userService;
|
||||||
|
@ -74,6 +76,10 @@ public class UserController extends BaseController {
|
||||||
@NotNull HttpServletResponse response) throws WiseMappingException, BindException {
|
@NotNull HttpServletResponse response) throws WiseMappingException, BindException {
|
||||||
logger.debug("Register new user:" + registration.getEmail());
|
logger.debug("Register new user:" + registration.getEmail());
|
||||||
|
|
||||||
|
if (registration.getPassword().length() > User.MAX_PASSWORD_LENGTH_SIZE) {
|
||||||
|
throw new PasswordTooLongException();
|
||||||
|
}
|
||||||
|
|
||||||
// If tomcat is behind a reverse proxy, ip needs to be found in other header.
|
// If tomcat is behind a reverse proxy, ip needs to be found in other header.
|
||||||
String remoteIp = request.getHeader(REAL_IP_ADDRESS_HEADER);
|
String remoteIp = request.getHeader(REAL_IP_ADDRESS_HEADER);
|
||||||
if (remoteIp == null || remoteIp.isEmpty()) {
|
if (remoteIp == null || remoteIp.isEmpty()) {
|
||||||
|
|
|
@ -69,4 +69,5 @@ EMAIL.GREETINGS=Hallo
|
||||||
OWNER_ROLE_CAN_NOT_BE_CHANGED=Die Rolle des Besitzers kann nicht geöndert werden. Bitte entferne den Besitzer aus der önderungsliste.
|
OWNER_ROLE_CAN_NOT_BE_CHANGED=Die Rolle des Besitzers kann nicht geöndert werden. Bitte entferne den Besitzer aus der önderungsliste.
|
||||||
ZOOM_TO_FIT=Einpassen
|
ZOOM_TO_FIT=Einpassen
|
||||||
ZOOM_OUT=Verkleinern
|
ZOOM_OUT=Verkleinern
|
||||||
ZOOM_IN=Vergrööern
|
ZOOM_IN=Vergrööern
|
||||||
|
PASSWORD_TOO_LONG=Password must be less than 40 characters.
|
|
@ -71,4 +71,5 @@ TOO_MANY_INACTIVE_ACCOUNTS=You have shared your mindmaps to more than 20 user th
|
||||||
OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner from the change list.
|
OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner from the change list.
|
||||||
ZOOM_TO_FIT=Zoom to fit
|
ZOOM_TO_FIT=Zoom to fit
|
||||||
ZOOM_OUT=Zoom out
|
ZOOM_OUT=Zoom out
|
||||||
ZOOM_IN=Zoom in
|
ZOOM_IN=Zoom in
|
||||||
|
PASSWORD_TOO_LONG=Password must be less than 40 characters.
|
|
@ -69,4 +69,5 @@ EMAIL.GREETINGS=Hola
|
||||||
OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner from the change list.
|
OWNER_ROLE_CAN_NOT_BE_CHANGED=Owner role can not be change. Please, remove owner from the change list.
|
||||||
ZOOM_TO_FIT=Centrar
|
ZOOM_TO_FIT=Centrar
|
||||||
ZOOM_OUT=Alejar
|
ZOOM_OUT=Alejar
|
||||||
ZOOM_IN=Acercar
|
ZOOM_IN=Acercar
|
||||||
|
PASSWORD_TOO_LONG=Password must be less than 40 characters.
|
|
@ -69,4 +69,5 @@ EMAIL.GREETINGS=Salut
|
||||||
OWNER_ROLE_CAN_NOT_BE_CHANGED=Le rôle du propriétaire ne peut pas être modifié. Veuillez supprimer le propriétaire de la liste des modifications.
|
OWNER_ROLE_CAN_NOT_BE_CHANGED=Le rôle du propriétaire ne peut pas être modifié. Veuillez supprimer le propriétaire de la liste des modifications.
|
||||||
ZOOM_TO_FIT=Zoomer pour s'adapter
|
ZOOM_TO_FIT=Zoomer pour s'adapter
|
||||||
ZOOM_OUT=Dézoomer
|
ZOOM_OUT=Dézoomer
|
||||||
ZOOM_IN=Agrandir
|
ZOOM_IN=Agrandir
|
||||||
|
PASSWORD_TOO_LONG=Password must be less than 40 characters.
|
|
@ -63,4 +63,5 @@ EMAIL.GREETINGS=Hi
|
||||||
OWNER_ROLE_CAN_NOT_BE_CHANGED=Роль владельца изменить нельзя. Пожалуйста, удалите владельца из списка изменений.
|
OWNER_ROLE_CAN_NOT_BE_CHANGED=Роль владельца изменить нельзя. Пожалуйста, удалите владельца из списка изменений.
|
||||||
ZOOM_TO_FIT=Увеличить, чтобы соответствовать
|
ZOOM_TO_FIT=Увеличить, чтобы соответствовать
|
||||||
ZOOM_OUT=Уменьшить
|
ZOOM_OUT=Уменьшить
|
||||||
ZOOM_IN=Приблизить
|
ZOOM_IN=Приблизить
|
||||||
|
PASSWORD_TOO_LONG=Password must be less than 40 characters.
|
|
@ -69,4 +69,5 @@ EMAIL.GREETINGS=你好
|
||||||
OWNER_ROLE_CAN_NOT_BE_CHANGED=所有者角色无法更改。请从更改列表中删除所有者。
|
OWNER_ROLE_CAN_NOT_BE_CHANGED=所有者角色无法更改。请从更改列表中删除所有者。
|
||||||
ZOOM_TO_FIT=缩放以适合
|
ZOOM_TO_FIT=缩放以适合
|
||||||
ZOOM_OUT=缩小
|
ZOOM_OUT=缩小
|
||||||
ZOOM_IN=放大
|
ZOOM_IN=放大
|
||||||
|
PASSWORD_TOO_LONG=Password must be less than 40 characters.
|
Loading…
Reference in New Issue