#253 Enforce Strong passwords--fixed it in mapper.

2026-02-06 15:27:01 +00:00 · 2017-03-09 11:51:09 +01:00 · 2017-03-09 11:51:09 +01:00 · ac307b3972
commit ac307b3972
parent 4da8074a16
2 changed files with 53 additions and 2 deletions
--- a/src/main/scala/code/model/dataAccess/AuthUser.scala
+++ b/src/main/scala/code/model/dataAccess/AuthUser.scala
@ -33,6 +33,7 @@ package code.model.dataAccess

 import java.util.UUID

+import code.api.util.APIUtil.isValidStrongPassword
 import code.api.util.{APIUtil, ErrorMessages}
 import code.api.{DirectLogin, OAuthHandshake}
 import code.bankconnectors.Connector
@ -46,6 +47,7 @@ import scala.xml.{NodeSeq, Text}
 import code.loginattempts.LoginAttempt
 import code.users.Users
 import code.util.Helper
+import net.liftweb.util


 /**
@ -71,6 +73,55 @@ class AuthUser extends MegaProtoUser[AuthUser] with Logger {
    override val fieldId = Some(Text("txtUsername"))
  }

+  override lazy val password = new MyPasswordNew
+  
+  class MyPasswordNew extends MappedPassword(this) {
+    
+    override def displayName = fieldOwner.passwordDisplayName
+    
+    private var passwordValue = ""
+    private var invalidPw = false
+    private var invalidMsg = ""
+    
+    override def setFromAny(f: Any): String = {
+      f match {
+        case a: Array[String] if (a.length == 2 && a(0) == a(1)) => {
+          passwordValue = a(0).toString;
+          if (isValidStrongPassword(passwordValue))
+            invalidPw = false
+          else {
+            invalidPw = true
+            invalidMsg = S.?(ErrorMessages.InvalidStrongPasswordFormat)
+          }
+          this.set(a(0))
+        }
+        case l: List[String] if (l.length == 2 && l.head == l(1)) => {
+          passwordValue = l(0).toString;
+          if (isValidStrongPassword(passwordValue))
+            invalidPw = false
+          else {
+            invalidPw = true
+            invalidMsg = S.?(ErrorMessages.InvalidStrongPasswordFormat)
+          }
+          
+          this.set(l.head)
+        }
+        case _ => {
+          invalidPw = true;
+          invalidMsg = S.?("passwords.do.not.match")
+        }
+      }
+      get
+    }
+    
+    override def validate: List[FieldError] = {
+      if (super.validate.nonEmpty) super.validate
+      else if (!invalidPw && password.get != "*") Nil
+      else if (invalidPw) List(FieldError(this, Text(invalidMsg)))
+      else List(FieldError(this, Text(S.?("password.must.be.set"))))
+    }
+    
+  }

  /**
   * The provider field for the User.
--- a/src/test/scala/code/sandbox/SandboxDataLoadingTest.scala
+++ b/src/test/scala/code/sandbox/SandboxDataLoadingTest.scala
@ -462,8 +462,8 @@ class SandboxDataLoadingTest extends FlatSpec with SendServerRequests with Shoul
  val standardProducts = product1AtBank1 :: product2AtBank1 :: Nil


-  val user1 = SandboxUserImport(email = "user1@example.com", password = "qwerty", user_name = "User 1")
-  val user2 = SandboxUserImport(email = "user2@example.com", password = "qwerty", user_name = "User 2")
+  val user1 = SandboxUserImport(email = "user1@example.com", password = "TESOBE520berlin123!", user_name = "User 1")
+  val user2 = SandboxUserImport(email = "user2@example.com", password = "TESOBE520berlin123!", user_name = "User 2")

  val standardUsers = user1 :: user2 :: Nil