

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 8645: Improved server side email and password validation

 

------------------------------------------------------------
revno: 8645
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Mon 2012-10-22 18:28:40 +0200
message:
  Improved server side email and password validation
modified:
  dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/ValidationUtils.java
  dhis-2/dhis-support/dhis-support-system/src/test/java/org/hisp/dhis/system/util/ValidationUtilsTest.java
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java
  dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/account.js


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/ValidationUtils.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/ValidationUtils.java	2011-12-26 10:07:59 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/ValidationUtils.java	2012-10-22 16:28:40 +0000
@@ -42,6 +42,9 @@
 public class ValidationUtils
 {
     private static Pattern POINT_PATTERN = Pattern.compile( "\\[(.+),\\s?(.+)\\]" );
+    private static Pattern DIGIT_PATTERN = Pattern.compile( ".*\\d.*" );
+    private static Pattern UPPERCASE_PATTERN = Pattern.compile( ".*[A-Z].*" );
+    
     private static int LONG_MAX = 180;
     private static int LONG_MIN = -180;
     private static int LAT_MAX = 90;
@@ -93,14 +96,27 @@
     }
     
     /**
-     * Validates whether a password is valid.
+     * Validates whether a password is valid. A password must:
+     * 
+     * <ul>
+     * <li>Be between 8 and 80 characters long</li>
+     * <li>Include at least one digit</li>
+     * <li>Include at least one uppercase letter</li>
+     * </ul>
      * 
      * @param password the password.
      * @return true if the password is valid, false otherwise.
      */
     public static boolean passwordIsValid( String password )
     {
-        return password != null && password.length() >= 5 && password.length() < 50;
+        if ( password == null || password.trim().length() < 8 || password.trim().length() > 80 )
+        {
+            return false;
+        }
+        System.out.println("digit " + DIGIT_PATTERN.matcher( password ).matches());
+        System.out.println("upper " + UPPERCASE_PATTERN.matcher( password ).matches());
+        
+        return DIGIT_PATTERN.matcher( password ).matches() && UPPERCASE_PATTERN.matcher( password ).matches();
     }
     
     /**
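Review bot: The two `System.out.println` calls just before the return look like leftover debugging and should be dropped; they write the outcome of each password rule to stdout on every validation call, which is noise in the server output and not something a validation helper should emit. The length check runs on `password.trim()` while the digit and uppercase patterns run on the untrimmed value, so the Javadoc's "between 8 and 80 characters" actually refers to the trimmed length; either validate the same string throughout or state the trimming in the Javadoc. The patterns added in the first hunk, `.*\\d.*` and `.*[A-Z].*`, are used with `matches()`, where `.` does not match line terminators, so a plain `\\d` / `[A-Z]` pattern with `find()` would be the simpler and more robust form. With the println lines removed the method body reduces to the length guard followed by `return DIGIT_PATTERN.matcher( password ).matches() && UPPERCASE_PATTERN.matcher( password ).matches();`.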

=== modified file 'dhis-2/dhis-support/dhis-support-system/src/test/java/org/hisp/dhis/system/util/ValidationUtilsTest.java'
--- dhis-2/dhis-support/dhis-support-system/src/test/java/org/hisp/dhis/system/util/ValidationUtilsTest.java	2012-01-11 19:25:49 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/test/java/org/hisp/dhis/system/util/ValidationUtilsTest.java	2012-10-22 16:28:40 +0000
@@ -34,6 +34,8 @@
 import static org.hisp.dhis.system.util.ValidationUtils.coordinateIsValid;
 import static org.hisp.dhis.system.util.ValidationUtils.getLatitude;
 import static org.hisp.dhis.system.util.ValidationUtils.getLongitude;
+import static org.hisp.dhis.system.util.ValidationUtils.passwordIsValid;
+import static org.hisp.dhis.system.util.ValidationUtils.emailIsValid;
 
 import org.junit.Test;
 
@@ -86,4 +88,20 @@
         assertNull( getLatitude( "23.34343,56.3232" ) );
         assertNull( getLatitude( null ) );
     }
+    
+    @Test
+    public void testPasswordIsValid()
+    {
+        assertFalse( passwordIsValid( "Johnd1" ) );
+        assertFalse( passwordIsValid( "johndoe1" ) );
+        assertFalse( passwordIsValid( "Johndoedoe" ) );
+        assertTrue( passwordIsValid( "Johndoe1" ) );
+    }
+    
+    @Test
+    public void testEmailIsValid()
+    {
+        assertFalse( emailIsValid( "john@doe" ) );
+        assertTrue( emailIsValid( "john@xxxxxxx" ) );
+    }
 }
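Review bot: testPasswordIsValid exercises the three rules but none of the boundaries the new implementation introduces, so an off-by-one in the 8/80 length checks would go unnoticed; add `assertFalse( passwordIsValid( null ) );`, an exactly-8-character valid password and an 81-character one. Because the length check is taken on the trimmed string, a case such as `assertFalse( passwordIsValid( " Johndo1" ) );` would pin that behaviour down rather than leave it implicit. The address in testEmailIsValid appears to have been masked by the list archive, so its expected value cannot be reviewed from this page.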

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java	2012-10-22 16:02:20 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java	2012-10-22 16:28:40 +0000
@@ -34,6 +34,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.hisp.dhis.api.utils.ContextUtils;
+import org.hisp.dhis.system.util.ValidationUtils;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserCredentials;
 import org.hisp.dhis.user.UserService;
@@ -125,7 +126,7 @@
             return "Last name is not specified or invalid";
         }
 
-        if ( password == null || password.trim().length() > MAX_LENGTH )
+        if ( password == null || !ValidationUtils.passwordIsValid( password ) )
         {
             response.setStatus( HttpServletResponse.SC_BAD_REQUEST );
             return "Password is not specified or invalid";
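Review bot: The `password == null ||` in the new condition is redundant, since `passwordIsValid` already returns false for a null argument (visible in the first file of this commit); `if ( !ValidationUtils.passwordIsValid( password ) )` is sufficient. With the old `password.trim().length() > MAX_LENGTH` check gone, `MAX_LENGTH` may no longer be referenced in this class — worth confirming it is not now an unused constant. The same `email == null ||` pattern appears in the next hunk, and can likewise be dropped if `emailIsValid` handles null the same way, which this page does not show. The enclosing method starts and ends outside the hunk.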
@@ -135,7 +136,13 @@
         {
             response.setStatus( HttpServletResponse.SC_BAD_REQUEST );
             return "Password cannot be equal to username";
-        }            
+        }
+        
+        if ( email == null || !ValidationUtils.emailIsValid( email ) )
+        {
+            response.setStatus( HttpServletResponse.SC_BAD_REQUEST );
+            return "Email is not specified or invalid";
+        }
 
         if ( recapChallenge == null )
         {

=== modified file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/account.js'
--- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/account.js	2012-10-22 16:02:20 +0000
+++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/account.js	2012-10-22 16:28:40 +0000
@@ -17,6 +17,7 @@
 			required: true,
 			rangelength: [ 8, 80 ],
 			password: true,
+			notequalto : "#username",
 		},
 		retypePassword: {
 			required: true,
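Review bot: The added `notequalto : "#username",` keeps a trailing comma before the closing brace of the rules object, which older JavaScript engines of this era (IE8 and earlier) reject as a syntax error; as it is now the last property, write it as `notequalto: "#username"` with no trailing comma. The space before the colon also differs from the surrounding properties' style. The enclosing rules object continues outside the hunk.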