Add min length to password fields (#524)

* Add min length to password fields
This commit is contained in:
gbrodman 2020-03-24 11:16:05 -04:00 committed by GitHub
parent 7b602300d8
commit 2998b56982
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 35 additions and 6 deletions

View file

@ -29,6 +29,7 @@ import com.google.re2j.Pattern;
import google.registry.model.registrar.Registrar;
import google.registry.model.registrar.RegistrarAddress;
import google.registry.model.registrar.RegistrarContact;
import google.registry.ui.forms.FormException;
import google.registry.ui.forms.FormField;
import google.registry.ui.forms.FormFieldException;
import google.registry.ui.forms.FormFields;
@ -405,6 +406,10 @@ public final class RegistrarFormFields {
.ifPresent(
password -> {
if (!Strings.isNullOrEmpty(password)) {
if (password.length() < 8) {
throw new FormException(
"Registry lock password must be at least 8 characters long");
}
builder.setRegistryLockPassword(password);
}
});

View file

@ -89,7 +89,7 @@
disabled
{/if}
{if $isPassword}
type="password"
type="password" minlength="8"
{/if}>
</td>
</tr>

View file

@ -190,7 +190,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
public void testSuccess_setRegistryLockPassword() {
addPasswordToTechContact();
techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue();
assertThat(techContact.verifyRegistryLockPassword("hellothere")).isTrue();
assertMetric(CLIENT_ID, "update", "[OWNER]", "SUCCESS");
}
@ -198,7 +198,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
public void testSuccess_setRegistryLockPassword_notOverriddenLater() {
addPasswordToTechContact();
techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue();
assertThat(techContact.verifyRegistryLockPassword("hellothere")).isTrue();
techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
Map<String, Object> techContactMap = techContact.toJsonMap();
@ -211,14 +211,14 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
action.handleJsonRequest(ImmutableMap.of("op", "update", "id", CLIENT_ID, "args", reqJson));
assertThat(response).containsAtLeastEntriesIn(ImmutableMap.of("status", "SUCCESS"));
techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue();
assertThat(techContact.verifyRegistryLockPassword("hellothere")).isTrue();
}
private void addPasswordToTechContact() {
techContact =
persistResource(techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build());
Map<String, Object> contactMap = techContact.toJsonMap();
contactMap.put("registryLockPassword", "hi");
contactMap.put("registryLockPassword", "hellothere");
Map<String, Object> reqJson = loadRegistrar(CLIENT_ID).toJsonMap();
reqJson.put(
"contacts",
@ -262,7 +262,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
// before we can set a password through the UI
Map<String, Object> contactMap =
techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build().toJsonMap();
contactMap.put("registryLockPassword", "hi");
contactMap.put("registryLockPassword", "hellothere");
Map<String, Object> reqJson = loadRegistrar(CLIENT_ID).toJsonMap();
reqJson.put(
"contacts",
@ -303,4 +303,28 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
"Cannot set isAllowedToSetRegistryLockPassword through UI");
assertMetric(CLIENT_ID, "update", "[OWNER]", "ERROR: FormException");
}
@Test
public void testPost_failure_setRegistryLock_passwordTooShort() {
techContact =
persistResource(techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build());
Map<String, Object> contactMap = techContact.toJsonMap();
contactMap.put("registryLockPassword", "hi");
Map<String, Object> reqJson = loadRegistrar(CLIENT_ID).toJsonMap();
reqJson.put(
"contacts",
ImmutableList.of(AppEngineRule.makeRegistrarContact2().toJsonMap(), contactMap));
Map<String, Object> response =
action.handleJsonRequest(ImmutableMap.of("op", "update", "id", CLIENT_ID, "args", reqJson));
assertThat(response)
.containsExactly(
"status",
"ERROR",
"results",
ImmutableList.of(),
"message",
"Registry lock password must be at least 8 characters long");
assertMetric(CLIENT_ID, "update", "[OWNER]", "ERROR: FormException");
}
}