Add min length to password fields (#524)

* Add min length to password fields
gbrodman 2020-03-24 11:16:05 -04:00 committed by GitHub
parent 7b602300d8
commit 2998b56982
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 35 additions and 6 deletions


@ -29,6 +29,7 @@ import com.google.re2j.Pattern;
import google.registry.model.registrar.Registrar; import google.registry.model.registrar.Registrar;
import google.registry.model.registrar.RegistrarAddress; import google.registry.model.registrar.RegistrarAddress;
import google.registry.model.registrar.RegistrarContact; import google.registry.model.registrar.RegistrarContact;
import google.registry.ui.forms.FormException;
import google.registry.ui.forms.FormField; import google.registry.ui.forms.FormField;
import google.registry.ui.forms.FormFieldException; import google.registry.ui.forms.FormFieldException;
import google.registry.ui.forms.FormFields; import google.registry.ui.forms.FormFields;
@ -405,6 +406,10 @@ public final class RegistrarFormFields {
.ifPresent( .ifPresent(
password -> { password -> {
if (!Strings.isNullOrEmpty(password)) { if (!Strings.isNullOrEmpty(password)) {
if (password.length() < 8) {
throw new FormException(
"Registry lock password must be at least 8 characters long");
}
builder.setRegistryLockPassword(password); builder.setRegistryLockPassword(password);
} }
}); });
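Review bot: The minimum in `if (password.length() < 8)` is a bare literal that is repeated in the exception message and again as `minlength="8"` in the form template, so the three values can drift apart when the policy changes. A named constant, for example `private static final int MIN_REGISTRY_LOCK_PASSWORD_LENGTH = 8;`, used for both the comparison and the message would keep this server-side check the single source of truth. Length is also the only property checked, so eight spaces or eight repeated characters are accepted; a comment stating that length is the only intended policy, or an additional check, would make that decision explicit. The enclosing lambda and method start outside the hunk, so how the password is stored after `setRegistryLockPassword` is not visible here.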


@ -89,7 +89,7 @@
disabled disabled
{/if} {/if}
{if $isPassword} {if $isPassword}
type="password" type="password" minlength="8"
{/if}> {/if}>
</td> </td>
</tr> </tr>
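Review bot: `minlength="8"` is emitted for every input rendered with `$isPassword`, not only the registry lock password, so any other password field that uses this row gets the same client-side floor whether or not its server-side validator agrees. The rest of the template and its callers are outside the hunk, so this needs checking against them. The attribute is advisory only, since a request that does not come through the browser form never sees it, and the enforcing check is the one added in RegistrarFormFields. A short template comment above the input, such as `/* minlength is a usability hint; the minimum is enforced server-side */`, would keep a later reader from treating it as the control.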


@ -190,7 +190,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
public void testSuccess_setRegistryLockPassword() { public void testSuccess_setRegistryLockPassword() {
addPasswordToTechContact(); addPasswordToTechContact();
techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH)); techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue(); assertThat(techContact.verifyRegistryLockPassword("hellothere")).isTrue();
assertMetric(CLIENT_ID, "update", "[OWNER]", "SUCCESS"); assertMetric(CLIENT_ID, "update", "[OWNER]", "SUCCESS");
} }
@ -198,7 +198,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
public void testSuccess_setRegistryLockPassword_notOverriddenLater() { public void testSuccess_setRegistryLockPassword_notOverriddenLater() {
addPasswordToTechContact(); addPasswordToTechContact();
techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH)); techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue(); assertThat(techContact.verifyRegistryLockPassword("hellothere")).isTrue();
techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH)); techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
Map<String, Object> techContactMap = techContact.toJsonMap(); Map<String, Object> techContactMap = techContact.toJsonMap();
@ -211,14 +211,14 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
action.handleJsonRequest(ImmutableMap.of("op", "update", "id", CLIENT_ID, "args", reqJson)); action.handleJsonRequest(ImmutableMap.of("op", "update", "id", CLIENT_ID, "args", reqJson));
assertThat(response).containsAtLeastEntriesIn(ImmutableMap.of("status", "SUCCESS")); assertThat(response).containsAtLeastEntriesIn(ImmutableMap.of("status", "SUCCESS"));
techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH)); techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue(); assertThat(techContact.verifyRegistryLockPassword("hellothere")).isTrue();
} }
private void addPasswordToTechContact() { private void addPasswordToTechContact() {
techContact = techContact =
persistResource(techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build()); persistResource(techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build());
Map<String, Object> contactMap = techContact.toJsonMap(); Map<String, Object> contactMap = techContact.toJsonMap();
contactMap.put("registryLockPassword", "hi"); contactMap.put("registryLockPassword", "hellothere");
Map<String, Object> reqJson = loadRegistrar(CLIENT_ID).toJsonMap(); Map<String, Object> reqJson = loadRegistrar(CLIENT_ID).toJsonMap();
reqJson.put( reqJson.put(
"contacts", "contacts",
@ -262,7 +262,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
// before we can set a password through the UI // before we can set a password through the UI
Map<String, Object> contactMap = Map<String, Object> contactMap =
techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build().toJsonMap(); techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build().toJsonMap();
contactMap.put("registryLockPassword", "hi"); contactMap.put("registryLockPassword", "hellothere");
Map<String, Object> reqJson = loadRegistrar(CLIENT_ID).toJsonMap(); Map<String, Object> reqJson = loadRegistrar(CLIENT_ID).toJsonMap();
reqJson.put( reqJson.put(
"contacts", "contacts",
@ -303,4 +303,28 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
"Cannot set isAllowedToSetRegistryLockPassword through UI"); "Cannot set isAllowedToSetRegistryLockPassword through UI");
assertMetric(CLIENT_ID, "update", "[OWNER]", "ERROR: FormException"); assertMetric(CLIENT_ID, "update", "[OWNER]", "ERROR: FormException");
} }
@Test
public void testPost_failure_setRegistryLock_passwordTooShort() {
techContact =
persistResource(techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build());
Map<String, Object> contactMap = techContact.toJsonMap();
contactMap.put("registryLockPassword", "hi");
Map<String, Object> reqJson = loadRegistrar(CLIENT_ID).toJsonMap();
reqJson.put(
"contacts",
ImmutableList.of(AppEngineRule.makeRegistrarContact2().toJsonMap(), contactMap));
Map<String, Object> response =
action.handleJsonRequest(ImmutableMap.of("op", "update", "id", CLIENT_ID, "args", reqJson));
assertThat(response)
.containsExactly(
"status",
"ERROR",
"results",
ImmutableList.of(),
"message",
"Registry lock password must be at least 8 characters long");
assertMetric(CLIENT_ID, "update", "[OWNER]", "ERROR: FormException");
}
} }
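Review bot: The new `testPost_failure_setRegistryLock_passwordTooShort` only exercises a 2-character password (`"hi"`), and the success tests use the 10-character `"hellothere"`, so neither side of the boundary is pinned. An off-by-one in the `< 8` comparison would pass this suite. Adding a 7-character rejection case, e.g. `contactMap.put("registryLockPassword", "1234567");`, and an exactly-8-character success case would cover it. The new test also repeats the setup already in `addPasswordToTechContact()`; giving that helper a password parameter would let the failure and boundary cases share it.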