bugfix/fixed the missing strong password policy enforcement when signing up a new user

This commit is contained in:
hongwei 2022-08-04 16:44:29 +02:00
parent 9503b9d20e
commit 71eca459e2
5 changed files with 11 additions and 12 deletions


@ -202,7 +202,7 @@ object DirectLogin extends RestHelper with MdcLoggable {
case "username" =>
checkUsernameString(parameterValue)
case "password" =>
validatePasswordOnUsage(parameterValue)
basicPasswordValidation(parameterValue)
case "consumer_key" =>
checkMediumAlphaNumeric(parameterValue)
case "token" =>


@ -678,7 +678,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
* 1) length is >16 characters without validations but max length <= 512
* 2) or Min 10 characters with mixed numbers + letters + upper+lower case + at least one special character.
* */
def validatePasswordOnCreation(password: String): Boolean = {
def fullPasswordValidation(password: String): Boolean = {
/**
* (?=.*\d) //should contain at least one digit
* (?=.*[a-z]) //should contain at least one lower case
@ -689,9 +689,8 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
val regex =
"""^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!"#$%&'\(\)*+,-./:;<=>?@\\[\\\\]^_\\`{|}~])([A-Za-z0-9!"#$%&'\(\)*+,-./:;<=>?@\\[\\\\]^_\\`{|}~]{10,16})$""".r
password match {
case password if(validatePasswordOnUsage(password) ==SILENCE_IS_GOLDEN) => true
case password if(password.length > 16 && password.length <= 512) => true
case regex(password) => true
case password if(password.length > 16 && password.length <= 512 && basicPasswordValidation(password) ==SILENCE_IS_GOLDEN) => true
case regex(password) if(basicPasswordValidation(password) ==SILENCE_IS_GOLDEN) => true
case _ => false
}
}
@ -726,7 +725,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
/** only A-Z, a-z, 0-9, all allowed characters for password and max length <= 512 */
/** also support space now */
def validatePasswordOnUsage(value:String): String ={
def basicPasswordValidation(value:String): String ={
val valueLength = value.length
val regex = """^([A-Za-z0-9!"#$%&'\(\)*+,-./:;<=>?@\\[\\\\]^_\\`{|}~ ]+)$""".r
value match {
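Review bot: The scaladoc at the top of the first hunk still says a >16-character password is accepted "without validations", but the new first case of the match now also requires `basicPasswordValidation(password) == SILENCE_IS_GOLDEN`, so the comment contradicts the code; change it to `* 1) length >16 and <= 512 characters, and every character is in the set accepted by basicPasswordValidation`. Since that guard is now common to both accepting cases, the match could be replaced by `basicPasswordValidation(password) == SILENCE_IS_GOLDEN && ((password.length > 16 && password.length <= 512) || regex.pattern.matcher(password).matches())`, which also drops the `password` rebinding in each case. Note that the 10–16 character branch goes through the regex, whose character class contains no space, while the comment on basicPasswordValidation says it accepts spaces, so a short password containing a space is rejected and a long one accepted; if that is intended it belongs in the scaladoc. The body of basicPasswordValidation continues past the end of the last hunk.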


@ -1477,7 +1477,7 @@ trait APIMethods200 {
cc =>
for {
postedData <- tryo {json.extract[CreateUserJson]} ?~! ErrorMessages.InvalidJsonFormat
_ <- tryo(assert(validatePasswordOnCreation(postedData.password))) ?~! ErrorMessages.InvalidStrongPasswordFormat
_ <- tryo(assert(fullPasswordValidation(postedData.password))) ?~! ErrorMessages.InvalidStrongPasswordFormat
} yield {
if (AuthUser.find(By(AuthUser.username, postedData.username)).isEmpty) {
val userCreated = AuthUser.create
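Review bot: The password policy on the new line is enforced through `assert`, which Scala elides when the project is compiled with `-Xdisable-assertions`; `tryo` would then see no exception and the sign-up would proceed with no strong-password check at all, reintroducing the bug this commit fixes. Prefer an explicit Box so the check cannot be compiled away, e.g. `_ <- (if (fullPasswordValidation(postedData.password)) Full(()) else Empty) ?~! ErrorMessages.InvalidStrongPasswordFormat` (assuming `Full`/`Empty` from net.liftweb.common are in scope here, as they are in the other files of this commit). The same `tryo(assert(...))` pattern was already used under the old name, so this is pre-existing style rather than a regression introduced here. The enclosing endpoint body starts and ends outside the hunk.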


@ -30,7 +30,7 @@ import code.api.util.CommonFunctions.validUri
import code.UserRefreshes.UserRefreshes
import code.accountholders.AccountHolders
import code.api.dynamic.endpoint.helper.DynamicEndpointHelper
import code.api.util.APIUtil.{hasAnOAuthHeader, logger, validatePasswordOnCreation, _}
import code.api.util.APIUtil._
import code.api.util.ErrorMessages._
import code.api.util._
import code.api.{APIFailure, Constant, DirectLogin, GatewayLogin, OAuthHandshake}
@ -43,7 +43,7 @@ import code.users.Users
import code.util.Helper
import code.util.Helper.MdcLoggable
import code.views.Views
import com.openbankproject.commons.model.{User, _}
import com.openbankproject.commons.model._
import net.liftweb.common._
import net.liftweb.http._
import net.liftweb.mapper._
@ -274,7 +274,7 @@ class AuthUser extends MegaProtoUser[AuthUser] with CreatedUpdated with MdcLogga
invalidMsg = Helper.i18n("please.enter.your.password")
S.error("authuser_password_repeat", Text(Helper.i18n("please.re-enter.your.password")))
case false =>
if (validatePasswordOnCreation(passwordValue))
if (fullPasswordValidation(passwordValue))
invalidPw = false
else {
invalidPw = true


@ -1,6 +1,6 @@
package code.sandbox
import code.api.util.APIUtil.validatePasswordOnCreation
import code.api.util.APIUtil.fullPasswordValidation
import code.api.util.ErrorMessages
import code.model.dataAccess.{AuthUser, ResourceUser}
import code.users.Users
@ -38,7 +38,7 @@ trait CreateAuthUsers {
.validated(true)
val validationErrors = authUser.validate
if (!validatePasswordOnCreation(u.password)) Failure(ErrorMessages.InvalidStrongPasswordFormat)
if (!fullPasswordValidation(u.password)) Failure(ErrorMessages.InvalidStrongPasswordFormat)
else if(!validationErrors.isEmpty) Failure(s"Errors: ${validationErrors.map(_.msg)}")
else Full(asSaveable(authUser))
}