[Branch ~dhis2-devs-core/dhis2/trunk] Rev 8645: Improved server side email and password validation
------------------------------------------------------------
revno: 8645
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Mon 2012-10-22 18:28:40 +0200
message:
Improved server side email and password validation
modified:
dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/ValidationUtils.java
dhis-2/dhis-support/dhis-support-system/src/test/java/org/hisp/dhis/system/util/ValidationUtilsTest.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java
dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/account.js
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/ValidationUtils.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/ValidationUtils.java 2011-12-26 10:07:59 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/ValidationUtils.java 2012-10-22 16:28:40 +0000
@@ -42,6 +42,9 @@
public class ValidationUtils
{
private static Pattern POINT_PATTERN = Pattern.compile( "\\[(.+),\\s?(.+)\\]" );
+ private static Pattern DIGIT_PATTERN = Pattern.compile( ".*\\d.*" );
+ private static Pattern UPPERCASE_PATTERN = Pattern.compile( ".*[A-Z].*" );
+
private static int LONG_MAX = 180;
private static int LONG_MIN = -180;
private static int LAT_MAX = 90;
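Review bot: `UPPERCASE_PATTERN` only accepts ASCII `A-Z`, so a password whose only capital is a non-ASCII letter such as `Ø` is rejected as having no uppercase letter; `\\p{Lu}` would cover those. Both new patterns are declared `private static Pattern` without `final`. Wrapping the class in `.*` for `matches()` is also unnecessary if the caller uses `find()`, e.g. `private static final Pattern DIGIT_PATTERN = Pattern.compile( "\\d" );`. Whichever character class is chosen should agree with the client-side `password` rule used in account.js, whose definition is not visible here.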
@@ -93,14 +96,27 @@
}
/**
- * Validates whether a password is valid.
+ * Validates whether a password is valid. A password must:
+ *
+ * <ul>
+ * <li>Be between 8 and 80 characters long</li>
+ * <li>Include at least one digit</li>
+ * <li>Include at least one uppercase letter</li>
+ * </ul>
*
* @param password the password.
* @return true if the password is valid, false otherwise.
*/
public static boolean passwordIsValid( String password )
{
- return password != null && password.length() >= 5 && password.length() < 50;
+ if ( password == null || password.trim().length() < 8 || password.trim().length() > 80 )
+ {
+ return false;
+ }
+ System.out.println("digit " + DIGIT_PATTERN.matcher( password ).matches());
+ System.out.println("upper " + UPPERCASE_PATTERN.matcher( password ).matches());
+
+ return DIGIT_PATTERN.matcher( password ).matches() && UPPERCASE_PATTERN.matcher( password ).matches();
}
/**
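Review bot: The two `System.out.println` calls in `passwordIsValid` are leftover debug output and should be removed. They write to stdout on every validation, bypass the logging configuration, and record properties of each submitted password. The length check uses `password.trim()` while the pattern checks use the raw string, so the Javadoc should say that length is measured after trimming. Because `.` does not match line terminators, `matches()` also returns false for a password containing a newline even when it has a digit and an uppercase letter; calling `find()` on patterns without the surrounding `.*` avoids that.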
=== modified file 'dhis-2/dhis-support/dhis-support-system/src/test/java/org/hisp/dhis/system/util/ValidationUtilsTest.java'
--- dhis-2/dhis-support/dhis-support-system/src/test/java/org/hisp/dhis/system/util/ValidationUtilsTest.java 2012-01-11 19:25:49 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/test/java/org/hisp/dhis/system/util/ValidationUtilsTest.java 2012-10-22 16:28:40 +0000
@@ -34,6 +34,8 @@
import static org.hisp.dhis.system.util.ValidationUtils.coordinateIsValid;
import static org.hisp.dhis.system.util.ValidationUtils.getLatitude;
import static org.hisp.dhis.system.util.ValidationUtils.getLongitude;
+import static org.hisp.dhis.system.util.ValidationUtils.passwordIsValid;
+import static org.hisp.dhis.system.util.ValidationUtils.emailIsValid;
import org.junit.Test;
@@ -86,4 +88,20 @@
assertNull( getLatitude( "23.34343,56.3232" ) );
assertNull( getLatitude( null ) );
}
+
+ @Test
+ public void testPasswordIsValid()
+ {
+ assertFalse( passwordIsValid( "Johnd1" ) );
+ assertFalse( passwordIsValid( "johndoe1" ) );
+ assertFalse( passwordIsValid( "Johndoedoe" ) );
+ assertTrue( passwordIsValid( "Johndoe1" ) );
+ }
+
+ @Test
+ public void testEmailIsValid()
+ {
+ assertFalse( emailIsValid( "john@doe" ) );
+ assertTrue( emailIsValid( "john@xxxxxxx" ) );
+ }
}
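Review bot: `testPasswordIsValid` never exercises the null branch or the upper length bound that the new implementation adds, so a regression in either would go unnoticed. Add `assertFalse( passwordIsValid( null ) );`, an 81-character password containing a digit and an uppercase letter that must be rejected, and an 80-character one that must be accepted. A whitespace-padded case would also pin down the `trim()` behaviour. `testEmailIsValid` would likewise benefit from `assertFalse( emailIsValid( null ) );`, assuming `emailIsValid` is meant to tolerate null; its body is not part of this diff. The test class starts outside the hunk.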
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java 2012-10-22 16:02:20 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java 2012-10-22 16:28:40 +0000
@@ -34,6 +34,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hisp.dhis.api.utils.ContextUtils;
+import org.hisp.dhis.system.util.ValidationUtils;
import org.hisp.dhis.user.User;
import org.hisp.dhis.user.UserCredentials;
import org.hisp.dhis.user.UserService;
@@ -125,7 +126,7 @@
return "Last name is not specified or invalid";
}
- if ( password == null || password.trim().length() > MAX_LENGTH )
+ if ( password == null || !ValidationUtils.passwordIsValid( password ) )
{
response.setStatus( HttpServletResponse.SC_BAD_REQUEST );
return "Password is not specified or invalid";
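Review bot: The `password == null ||` guard is now redundant, because `passwordIsValid` already returns false for null; `if ( !ValidationUtils.passwordIsValid( password ) )` is enough. The same applies to the `email == null ||` guard in the next hunk if `emailIsValid` handles null, which is not visible here. The response text "Password is not specified or invalid" also says nothing about the new rules (8 to 80 characters, a digit, an uppercase letter), so API clients that bypass the JavaScript validation cannot tell why they were rejected. The enclosing method starts and ends outside the hunk.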
@@ -135,7 +136,13 @@
{
response.setStatus( HttpServletResponse.SC_BAD_REQUEST );
return "Password cannot be equal to username";
- }
+ }
+
+ if ( email == null || !ValidationUtils.emailIsValid( email ) )
+ {
+ response.setStatus( HttpServletResponse.SC_BAD_REQUEST );
+ return "Email is not specified or invalid";
+ }
if ( recapChallenge == null )
{
=== modified file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/account.js'
--- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/account.js 2012-10-22 16:02:20 +0000
+++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/account.js 2012-10-22 16:28:40 +0000
@@ -17,6 +17,7 @@
required: true,
rangelength: [ 8, 80 ],
password: true,
+ notequalto : "#username",
},
retypePassword: {
required: true,
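Review bot: The new `notequalto : "#username",` line ends with a comma directly before the closing `}`, and older Internet Explorer versions reject a trailing comma in an object literal. Dropping the comma on the last property (`notequalto : "#username"`) avoids that. `notequalto` is not one of the validation plugin's built-in rules as far as I know, so it needs to be registered as a custom method somewhere outside this hunk, otherwise the rule will fail at runtime. The server already rejects a password equal to the username, so this is a usability check only and the server-side test must remain the authoritative one.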