Add min length to password fields (#524)

* Add min length to password fields
2025-07-10 21:23:22 +02:00 · 2020-03-24 11:16:05 -04:00 · 2020-03-24 11:16:05 -04:00 · 2998b56982
commit 2998b56982
parent 7b602300d8
3 changed files with 35 additions and 6 deletions
--- a/core/src/main/java/google/registry/ui/server/RegistrarFormFields.java
+++ b/core/src/main/java/google/registry/ui/server/RegistrarFormFields.java
@ -29,6 +29,7 @@ import com.google.re2j.Pattern;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarAddress;
 import google.registry.model.registrar.RegistrarContact;
+import google.registry.ui.forms.FormException;
 import google.registry.ui.forms.FormField;
 import google.registry.ui.forms.FormFieldException;
 import google.registry.ui.forms.FormFields;
@ -405,6 +406,10 @@ public final class RegistrarFormFields {
        .ifPresent(
            password -> {
              if (!Strings.isNullOrEmpty(password)) {
+                if (password.length() < 8) {
+                  throw new FormException(
+                      "Registry lock password must be at least 8 characters long");
+                }
                builder.setRegistryLockPassword(password);
              }
            });
--- a/core/src/main/resources/google/registry/ui/soy/Forms.soy
+++ b/core/src/main/resources/google/registry/ui/soy/Forms.soy
@ -89,7 +89,7 @@
             disabled
          {/if}
          {if $isPassword}
-             type="password"
+             type="password" minlength="8"
          {/if}>
    </td>
  </tr>
--- a/core/src/test/java/google/registry/ui/server/registrar/ContactSettingsTest.java
+++ b/core/src/test/java/google/registry/ui/server/registrar/ContactSettingsTest.java
@ -190,7 +190,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
  public void testSuccess_setRegistryLockPassword() {
    addPasswordToTechContact();
    techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
-    assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue();
+    assertThat(techContact.verifyRegistryLockPassword("hellothere")).isTrue();
    assertMetric(CLIENT_ID, "update", "[OWNER]", "SUCCESS");
  }

@ -198,7 +198,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
  public void testSuccess_setRegistryLockPassword_notOverriddenLater() {
    addPasswordToTechContact();
    techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
-    assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue();
+    assertThat(techContact.verifyRegistryLockPassword("hellothere")).isTrue();

    techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
    Map<String, Object> techContactMap = techContact.toJsonMap();
@ -211,14 +211,14 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
        action.handleJsonRequest(ImmutableMap.of("op", "update", "id", CLIENT_ID, "args", reqJson));
    assertThat(response).containsAtLeastEntriesIn(ImmutableMap.of("status", "SUCCESS"));
    techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
-    assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue();
+    assertThat(techContact.verifyRegistryLockPassword("hellothere")).isTrue();
  }

  private void addPasswordToTechContact() {
    techContact =
        persistResource(techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build());
    Map<String, Object> contactMap = techContact.toJsonMap();
-    contactMap.put("registryLockPassword", "hi");
+    contactMap.put("registryLockPassword", "hellothere");
    Map<String, Object> reqJson = loadRegistrar(CLIENT_ID).toJsonMap();
    reqJson.put(
        "contacts",
@ -262,7 +262,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
    // before we can set a password through the UI
    Map<String, Object> contactMap =
        techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build().toJsonMap();
-    contactMap.put("registryLockPassword", "hi");
+    contactMap.put("registryLockPassword", "hellothere");
    Map<String, Object> reqJson = loadRegistrar(CLIENT_ID).toJsonMap();
    reqJson.put(
        "contacts",
@ -303,4 +303,28 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
            "Cannot set isAllowedToSetRegistryLockPassword through UI");
    assertMetric(CLIENT_ID, "update", "[OWNER]", "ERROR: FormException");
  }
+
+  @Test
+  public void testPost_failure_setRegistryLock_passwordTooShort() {
+    techContact =
+        persistResource(techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build());
+    Map<String, Object> contactMap = techContact.toJsonMap();
+    contactMap.put("registryLockPassword", "hi");
+    Map<String, Object> reqJson = loadRegistrar(CLIENT_ID).toJsonMap();
+    reqJson.put(
+        "contacts",
+        ImmutableList.of(AppEngineRule.makeRegistrarContact2().toJsonMap(), contactMap));
+
+    Map<String, Object> response =
+        action.handleJsonRequest(ImmutableMap.of("op", "update", "id", CLIENT_ID, "args", reqJson));
+    assertThat(response)
+        .containsExactly(
+            "status",
+            "ERROR",
+            "results",
+            ImmutableList.of(),
+            "message",
+            "Registry lock password must be at least 8 characters long");
+    assertMetric(CLIENT_ID, "update", "[OWNER]", "ERROR: FormException");
+  }
 }