
Revision 4b4dfff4

Added by Andreas Kohlbecker almost 3 years ago

fix #9862 implementing central password constraint validation classes and annotation


cdmlib-model/pom.xml
197 197
    <dependency>
198 198
      <groupId>com.fasterxml.jackson.core</groupId>
199 199
      <artifactId>jackson-annotations</artifactId>
200
  </dependency>
200
    </dependency>
201
    <dependency>
202
      <groupId>org.passay</groupId>
203
      <artifactId>passay</artifactId>
204
    </dependency>
201 205
  </dependencies>
202 206
</project>
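--- a/cdmlib-model/src/main/java/eu/etaxonomy/cdm/validation/annotation/ValidPassword.java
+++ b/cdmlib-model/src/main/java/eu/etaxonomy/cdm/validation/annotation/ValidPassword.java
@@ -0,0 +1,36 @@
+/**
+* Copyright (C) 2021 EDIT
+* European Distributed Institute of Taxonomy
+* http://www.e-taxonomy.eu
+*
+* The contents of this file are subject to the Mozilla Public License Version 1.1
+* See LICENSE.TXT at the top of this package for the full license terms.
+*/
+package eu.etaxonomy.cdm.validation.annotation;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+
+import eu.etaxonomy.cdm.validation.constraint.PasswordConstraintValidator;
+
+/**
+ * @author a.kohlbecker
+ * @since Nov 12, 2021
+ */
+@Documented
+@Constraint(validatedBy = PasswordConstraintValidator.class)
+@Target({ TYPE, FIELD, ANNOTATION_TYPE })
+@Retention(RUNTIME)
+public  @interface ValidPassword {
+
+    String message() default "Invalid Password";
+
+    Class<?>[] groups() default {};
+
+    Class<? extends Payload>[] payload() default {};
+
+}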
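Review bot: The annotation imports `javax.validation.Constraint` and `javax.validation.Payload`, while the class it names in `validatedBy` implements `jakarta.validation.ConstraintValidator`; the two namespaces are not interchangeable, so as shown `@Constraint(validatedBy = PasswordConstraintValidator.class)` should not type-check, and both files need to use the same API as the project's validation provider. `TYPE`, `FIELD`, `ANNOTATION_TYPE` and `RUNTIME` are also used without static imports from `java.lang.annotation.ElementType` and `java.lang.annotation.RetentionPolicy`, which the import block visible here lacks. Because the validator is typed `ConstraintValidator<ValidPassword, String>`, keeping `TYPE` in `@Target` permits a class-level placement that no validator handles; consider `@Target({ FIELD, ANNOTATION_TYPE })`, or state in the Javadoc that only `String` elements are supported. A password rule that fails to bind should surface as a build or startup failure rather than as a field that is silently not validated.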
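--- a/cdmlib-model/src/main/java/eu/etaxonomy/cdm/validation/constraint/PasswordConstraintValidator.java
+++ b/cdmlib-model/src/main/java/eu/etaxonomy/cdm/validation/constraint/PasswordConstraintValidator.java
@@ -0,0 +1,112 @@
+/**
+* Copyright (C) 2021 EDIT
+* European Distributed Institute of Taxonomy
+* http://www.e-taxonomy.eu
+*
+* The contents of this file are subject to the Mozilla Public License Version 1.1
+* See LICENSE.TXT at the top of this package for the full license terms.
+*/
+package eu.etaxonomy.cdm.validation.constraint;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.passay.CharacterRule;
+import org.passay.EnglishCharacterData;
+import org.passay.LengthRule;
+import org.passay.PasswordData;
+import org.passay.PasswordData.Origin;
+import org.passay.PasswordValidator;
+import org.passay.RuleResult;
+import org.passay.WhitespaceRule;
+
+import eu.etaxonomy.cdm.validation.annotation.ValidPassword;
+import jakarta.validation.ConstraintValidator;
+import jakarta.validation.ConstraintValidatorContext;
+
+/**
+ * @author a.kohlbecker
+ * @since Nov 12, 2021
+ */
+public class PasswordConstraintValidator implements ConstraintValidator<ValidPassword, String> {
+
+    @Override
+    public boolean isValid(String value, ConstraintValidatorContext context) {
+
+        final PasswordValidator validator = defaultPasswordValidator();
+        final RuleResult result = validator.validate(new PasswordData(value));
+        if (result.isValid()) {
+            return true;
+        }
+        context.disableDefaultConstraintViolation();
+        context.buildConstraintViolationWithTemplate(
+                validator.getMessages(result).stream().collect(Collectors.joining(", "))).addConstraintViolation();
+        return false;
+    }
+
+    private static PasswordValidator defaultPasswordValidator() {
+        return new PasswordValidator(Arrays.asList(
+                // see https://www.passay.org/reference/
+
+                // length between 8 and 16 characters
+                new LengthRule(8, Integer.MAX_VALUE),
+
+                // at least one upper-case character
+                new CharacterRule(EnglishCharacterData.UpperCase, 1),
+
+                // at least one lower-case character
+                new CharacterRule(EnglishCharacterData.LowerCase, 1),
+
+                // at least one digit character
+                new CharacterRule(EnglishCharacterData.Digit, 1),
+
+//                // at least one symbol (special character)
+//                new CharacterRule(EnglishCharacterData.Special, 1),
+
+                // no whitespace
+                new WhitespaceRule()));
+    }
+
+    public static class PasswordRulesValidator {
+
+        private PasswordValidator validator = PasswordConstraintValidator.defaultPasswordValidator();
+
+        /**
+         * Validate a password which was generated by a typical human user
+         *
+         * @param password
+         *            The password to validate
+         * @return In case of rule violations the returned lost contains the
+         *         violation messages, other wise the lost is empty.
+         */
+        public List<String> validateUserPassword(String password) {
+            return readViolationMessageList(validator.validate(new PasswordData(password)));
+        }
+
+        /**
+         * Validate a password which was generated by a random source
+         *
+         * @param password
+         *            The password to validate
+         * @return In case of rule violations the returned lost contains the
+         *         violation messages, other wise the lost is empty.
+         */
+        public List<String> validateGeneratedPassword(String password) {
+            return readViolationMessageList(validator.validate(new PasswordData(password, Origin.Generated)));
+        }
+
+        private List<String> readViolationMessageList(RuleResult validate) {
+            if (validate.isValid()) {
+                return new ArrayList<>(0);
+            }
+            return validator.getMessages(validate);
+        }
+
+        protected PasswordValidator getValidator() {
+            return validator;
+        }
+    }
+
+}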
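Review bot: `isValid` passes `value` straight into `new PasswordData(value)` with no null check, so a null password will most likely surface as an exception from Passay rather than as a constraint violation; make the contract explicit at the top of `isValid`, e.g. `if (value == null) { return false; }` (or return `true` and pair the field with `@NotNull`), and apply the same guard in `validateUserPassword` and `validateGeneratedPassword`. In `defaultPasswordValidator()` the comment says "length between 8 and 16 characters" but the rule is `new LengthRule(8, Integer.MAX_VALUE)`; either correct it to `// at least 8 characters, no upper bound` or set a generous finite maximum so oversized input is rejected before any downstream hashing. The joined Passay messages are also handed to `buildConstraintViolationWithTemplate`, whose argument the provider treats as a message template to interpolate. That looks harmless for the rules configured here, assuming their default messages do not echo the password, but it deserves a comment such as `// template is interpolated: do not add rules whose messages include password content`.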
pom.xml
1672 1672
        <groupId>org.apache.commons</groupId>
1673 1673
        <artifactId>commons-text</artifactId>
1674 1674
        <version>1.9</version>
1675
    </dependency>
1675
      </dependency>
1676
      <dependency>
1677
        <groupId>org.passay</groupId>
1678
        <artifactId>passay</artifactId>
1679
        <version>1.6.1</version>
1680
      </dependency>
1676 1681
   </dependencies>    
1677 1682
  </dependencyManagement>
1678 1683
</project>
