Project

General

Profile

« Previous | Next » 

Revision 4b4dfff4

Added by Andreas Kohlbecker over 2 years ago

fix #9862 implementing central password constraint validation classes and annotation

View differences:

cdmlib-model/pom.xml
197 197
    <dependency>
198 198
      <groupId>com.fasterxml.jackson.core</groupId>
199 199
      <artifactId>jackson-annotations</artifactId>
200
  </dependency>
200
    </dependency>
201
    <dependency>
202
      <groupId>org.passay</groupId>
203
      <artifactId>passay</artifactId>
204
    </dependency>
201 205
  </dependencies>
202 206
</project>
cdmlib-model/src/main/java/eu/etaxonomy/cdm/validation/annotation/ValidPassword.java
1
/**
2
* Copyright (C) 2021 EDIT
3
* European Distributed Institute of Taxonomy
4
* http://www.e-taxonomy.eu
5
*
6
* The contents of this file are subject to the Mozilla Public License Version 1.1
7
* See LICENSE.TXT at the top of this package for the full license terms.
8
*/
9
package eu.etaxonomy.cdm.validation.annotation;
10

  
11
import java.lang.annotation.Documented;
12
import java.lang.annotation.Retention;
13
import java.lang.annotation.Target;
14

  
15
import javax.validation.Constraint;
16
import javax.validation.Payload;
17

  
18
import eu.etaxonomy.cdm.validation.constraint.PasswordConstraintValidator;
19

  
20
/**
21
 * @author a.kohlbecker
22
 * @since Nov 12, 2021
23
 */
24
@Documented
25
@Constraint(validatedBy = PasswordConstraintValidator.class)
26
@Target({ TYPE, FIELD, ANNOTATION_TYPE })
27
@Retention(RUNTIME)
28
public  @interface ValidPassword {
29

  
30
    String message() default "Invalid Password";
31

  
32
    Class<?>[] groups() default {};
33

  
34
    Class<? extends Payload>[] payload() default {};
35

  
36
}
cdmlib-model/src/main/java/eu/etaxonomy/cdm/validation/constraint/PasswordConstraintValidator.java
1
/**
2
* Copyright (C) 2021 EDIT
3
* European Distributed Institute of Taxonomy
4
* http://www.e-taxonomy.eu
5
*
6
* The contents of this file are subject to the Mozilla Public License Version 1.1
7
* See LICENSE.TXT at the top of this package for the full license terms.
8
*/
9
package eu.etaxonomy.cdm.validation.constraint;
10

  
11
import java.util.ArrayList;
12
import java.util.Arrays;
13
import java.util.List;
14
import java.util.stream.Collectors;
15

  
16
import org.passay.CharacterRule;
17
import org.passay.EnglishCharacterData;
18
import org.passay.LengthRule;
19
import org.passay.PasswordData;
20
import org.passay.PasswordData.Origin;
21
import org.passay.PasswordValidator;
22
import org.passay.RuleResult;
23
import org.passay.WhitespaceRule;
24

  
25
import eu.etaxonomy.cdm.validation.annotation.ValidPassword;
26
import jakarta.validation.ConstraintValidator;
27
import jakarta.validation.ConstraintValidatorContext;
28

  
29
/**
30
 * @author a.kohlbecker
31
 * @since Nov 12, 2021
32
 */
33
public class PasswordConstraintValidator implements ConstraintValidator<ValidPassword, String> {
34

  
35
    @Override
36
    public boolean isValid(String value, ConstraintValidatorContext context) {
37

  
38
        final PasswordValidator validator = defaultPasswordValidator();
39
        final RuleResult result = validator.validate(new PasswordData(value));
40
        if (result.isValid()) {
41
            return true;
42
        }
43
        context.disableDefaultConstraintViolation();
44
        context.buildConstraintViolationWithTemplate(
45
                validator.getMessages(result).stream().collect(Collectors.joining(", "))).addConstraintViolation();
46
        return false;
47
    }
48

  
49
    private static PasswordValidator defaultPasswordValidator() {
50
        return new PasswordValidator(Arrays.asList(
51
                // see https://www.passay.org/reference/
52

  
53
                // length between 8 and 16 characters
54
                new LengthRule(8, Integer.MAX_VALUE),
55

  
56
                // at least one upper-case character
57
                new CharacterRule(EnglishCharacterData.UpperCase, 1),
58

  
59
                // at least one lower-case character
60
                new CharacterRule(EnglishCharacterData.LowerCase, 1),
61

  
62
                // at least one digit character
63
                new CharacterRule(EnglishCharacterData.Digit, 1),
64

  
65
//                // at least one symbol (special character)
66
//                new CharacterRule(EnglishCharacterData.Special, 1),
67

  
68
                // no whitespace
69
                new WhitespaceRule()));
70
    }
71

  
72
    public static class PasswordRulesValidator {
73

  
74
        private PasswordValidator validator = PasswordConstraintValidator.defaultPasswordValidator();
75

  
76
        /**
77
         * Validate a password which was generated by a typical human user
78
         *
79
         * @param password
80
         *            The password to validate
81
         * @return In case of rule violations the returned lost contains the
82
         *         violation messages, other wise the lost is empty.
83
         */
84
        public List<String> validateUserPassword(String password) {
85
            return readViolationMessageList(validator.validate(new PasswordData(password)));
86
        }
87

  
88
        /**
89
         * Validate a password which was generated by a random source
90
         *
91
         * @param password
92
         *            The password to validate
93
         * @return In case of rule violations the returned lost contains the
94
         *         violation messages, other wise the lost is empty.
95
         */
96
        public List<String> validateGeneratedPassword(String password) {
97
            return readViolationMessageList(validator.validate(new PasswordData(password, Origin.Generated)));
98
        }
99

  
100
        private List<String> readViolationMessageList(RuleResult validate) {
101
            if (validate.isValid()) {
102
                return new ArrayList<>(0);
103
            }
104
            return validator.getMessages(validate);
105
        }
106

  
107
        protected PasswordValidator getValidator() {
108
            return validator;
109
        }
110
    }
111

  
112
}
pom.xml
1672 1672
        <groupId>org.apache.commons</groupId>
1673 1673
        <artifactId>commons-text</artifactId>
1674 1674
        <version>1.9</version>
1675
    </dependency>
1675
      </dependency>
1676
      <dependency>
1677
        <groupId>org.passay</groupId>
1678
        <artifactId>passay</artifactId>
1679
        <version>1.6.1</version>
1680
      </dependency>
1676 1681
   </dependencies>    
1677 1682
  </dependencyManagement>
1678 1683
</project>

Also available in: Unified diff