diff --git a/core/src/main/java/google/registry/ui/server/RegistrarFormFields.java b/core/src/main/java/google/registry/ui/server/RegistrarFormFields.java
index c37a1d88c..46c95d411 100644
--- a/core/src/main/java/google/registry/ui/server/RegistrarFormFields.java
+++ b/core/src/main/java/google/registry/ui/server/RegistrarFormFields.java
@@ -29,6 +29,7 @@ import com.google.re2j.Pattern;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarAddress;
 import google.registry.model.registrar.RegistrarContact;
+import google.registry.ui.forms.FormException;
 import google.registry.ui.forms.FormField;
 import google.registry.ui.forms.FormFieldException;
 import google.registry.ui.forms.FormFields;
@@ -405,6 +406,10 @@ public final class RegistrarFormFields {
 .ifPresent(
 password -> {
 if (!Strings.isNullOrEmpty(password)) {
+ if (password.length() < 8) {
+ throw new FormException(
+ "Registry lock password must be at least 8 characters long");
+ }
 builder.setRegistryLockPassword(password);
 }
 });
diff --git a/core/src/main/resources/google/registry/ui/soy/Forms.soy b/core/src/main/resources/google/registry/ui/soy/Forms.soy
index 992cbd033..8d543943e 100644
--- a/core/src/main/resources/google/registry/ui/soy/Forms.soy
+++ b/core/src/main/resources/google/registry/ui/soy/Forms.soy
@@ -89,7 +89,7 @@
 disabled
 {/if}
 {if $isPassword}
- type="password"
+ type="password" minlength="8"
 {/if}>
diff --git a/core/src/test/java/google/registry/ui/server/registrar/ContactSettingsTest.java b/core/src/test/java/google/registry/ui/server/registrar/ContactSettingsTest.java
index 347da6e72..5b363e411 100644
--- a/core/src/test/java/google/registry/ui/server/registrar/ContactSettingsTest.java
+++ b/core/src/test/java/google/registry/ui/server/registrar/ContactSettingsTest.java
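Review bot: The minimum length is a bare `8` in the comparison of the second RegistrarFormFields hunk, is spelled out again in the error message, and appears a third time as `minlength="8"` in Forms.soy, so the three can drift apart. A named constant such as `private static final int MIN_REGISTRY_LOCK_PASSWORD_LENGTH = 8;`, used in both the check and the message, would keep the server-side rule as the single source of truth. Also note that `password.length()` counts UTF-16 code units rather than user-perceived characters, and that a length floor alone still accepts easily guessed values; a short comment stating the intended policy would help the next reader. The enclosing lambda and builder chain begin outside the hunk.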
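Review bot: `minlength="8"` is attached to every input rendered with `$isPassword`, not only to the registry lock password field, so any other password input built from this template inherits an 8-character client-side floor that the server may not enforce (the template's callers are not visible here). If the limit is meant for one field, consider passing it in as a template parameter, for example `{if $minLength}minlength="{$minLength}"{/if}`, instead of hard-coding it. The attribute is only a usability hint, since a request can be sent without the form; the check in RegistrarFormFields remains the enforcement point. The enclosing template starts and ends outside the hunk.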
@@ -190,7 +190,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
 public void testSuccess_setRegistryLockPassword() {
 addPasswordToTechContact();
 techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
- assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue();
+ assertThat(techContact.verifyRegistryLockPassword("hellothere")).isTrue();
 assertMetric(CLIENT_ID, "update", "[OWNER]", "SUCCESS");
 }
@@ -198,7 +198,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
 public void testSuccess_setRegistryLockPassword_notOverriddenLater() {
 addPasswordToTechContact();
 techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
- assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue();
+ assertThat(techContact.verifyRegistryLockPassword("hellothere")).isTrue();
 techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
 Map techContactMap = techContact.toJsonMap();
@@ -211,14 +211,14 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
 action.handleJsonRequest(ImmutableMap.of("op", "update", "id", CLIENT_ID, "args", reqJson));
 assertThat(response).containsAtLeastEntriesIn(ImmutableMap.of("status", "SUCCESS"));
 techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
- assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue();
+ assertThat(techContact.verifyRegistryLockPassword("hellothere")).isTrue();
 }
 private void addPasswordToTechContact() {
 techContact =
 persistResource(techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build());
 Map contactMap = techContact.toJsonMap();
- contactMap.put("registryLockPassword", "hi");
+ contactMap.put("registryLockPassword", "hellothere");
 Map reqJson = loadRegistrar(CLIENT_ID).toJsonMap();
 reqJson.put(
 "contacts",
@@ -262,7 +262,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
 // before we can set a password through the UI
 Map contactMap =
 techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build().toJsonMap();
- contactMap.put("registryLockPassword", "hi");
+ contactMap.put("registryLockPassword", "hellothere");
 Map reqJson = loadRegistrar(CLIENT_ID).toJsonMap();
 reqJson.put(
 "contacts",
@@ -303,4 +303,28 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
 "Cannot set isAllowedToSetRegistryLockPassword through UI");
 assertMetric(CLIENT_ID, "update", "[OWNER]", "ERROR: FormException");
 }
+
+ @Test
+ public void testPost_failure_setRegistryLock_passwordTooShort() {
+ techContact =
+ persistResource(techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build());
+ Map contactMap = techContact.toJsonMap();
+ contactMap.put("registryLockPassword", "hi");
+ Map reqJson = loadRegistrar(CLIENT_ID).toJsonMap();
+ reqJson.put(
+ "contacts",
+ ImmutableList.of(AppEngineRule.makeRegistrarContact2().toJsonMap(), contactMap));
+
+ Map response =
+ action.handleJsonRequest(ImmutableMap.of("op", "update", "id", CLIENT_ID, "args", reqJson));
+ assertThat(response)
+ .containsExactly(
+ "status",
+ "ERROR",
+ "results",
+ ImmutableList.of(),
+ "message",
+ "Registry lock password must be at least 8 characters long");
+ assertMetric(CLIENT_ID, "update", "[OWNER]", "ERROR: FormException");
+ }
 }
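Review bot: `testPost_failure_setRegistryLock_passwordTooShort` in the last hunk exercises only a 2-character value and inspects only the response, so it neither pins the boundary nor shows that the rejected password was not stored. Add a 7-character case that fails and an 8-character case that succeeds, to guard against an off-by-one in the `< 8` comparison. After the error, reload the tech contact the way the success tests do and add `assertThat(techContact.verifyRegistryLockPassword("hi")).isFalse();`, which protects against a regression where the value is persisted before the exception is thrown.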