Posted to commits@ranger.apache.org by bp...@apache.org on 2022/03/25 04:11:19 UTC
[ranger] branch ranger-2.3 updated: RANGER-3678: Update password validation criteria
This is an automated email from the ASF dual-hosted git repository.
bpatel pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.3 by this push:
new 7fdd906 RANGER-3678: Update password validation criteria
7fdd906 is described below
commit 7fdd9060b0c15dfbcd709b34729a265fc7a0cd44
Author: Bhavik Patel <bh...@gmail.com>
AuthorDate: Thu Mar 24 10:34:34 2022 +0530
RANGER-3678: Update password validation criteria
---
.../main/java/org/apache/ranger/biz/XUserMgr.java | 7 +++----
.../java/org/apache/ranger/common/StringUtil.java | 21 +++------------------
.../ranger/patch/cliutil/ChangePasswordUtil.java | 14 ++++++--------
.../java/org/apache/ranger/biz/TestXUserMgr.java | 2 +-
4 files changed, 13 insertions(+), 31 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 9971889..b031e96 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -2605,11 +2605,10 @@ public class XUserMgr extends XUserMgrBase {
protected void validatePassword(VXUser vXUser) {
if (vXUser.getPassword() != null && !vXUser.getPassword().isEmpty()) {
boolean checkPassword = false;
- String pattern = "(?=.*[0-9])(?=.*[a-zA-Z]).{8,}";
- checkPassword = vXUser.getPassword().trim().matches(pattern);
+ checkPassword = vXUser.getPassword().trim().matches(StringUtil.VALIDATION_CRED);
if (!checkPassword) {
- logger.warn("validatePassword(). Password should be minimum 8 characters with min one alphabet and one numeric.");
- throw restErrorUtil.createRESTException("serverMsg.xuserMgrValidatePassword", MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters with min one alphabet and one numeric", null);
+ logger.warn("validatePassword(). Password should be minimum 8 characters, at least one uppercase letter, one lowercase letter and one numeric.");
+ throw restErrorUtil.createRESTException("serverMsg.xuserMgrValidatePassword", MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters, at least one uppercase letter, one lowercase letter and one numeric.", null);
}
} else {
logger.warn("validatePassword(). Password cannot be blank/null.");
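Review bot: The new policy sentence is spelled out twice in this hunk, once in `logger.warn(...)` and once as the fourth argument of `createRESTException(...)`, while ChangePasswordUtil in the same commit hoists the same sentence into a local. Doing the same here, `String msg = "Password should be minimum 8 characters, at least one uppercase letter, one lowercase letter and one numeric.";`, or declaring a shared constant beside `StringUtil.VALIDATION_CRED`, keeps the user-facing text next to the regex it describes, so the two cannot drift apart. validatePassword's else branch continues past the end of the hunk.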
diff --git a/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java b/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
index 8debc24..ed2e8df 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
@@ -36,7 +36,7 @@ import org.springframework.stereotype.Component;
public class StringUtil implements Serializable {
private static final Logger logger = LoggerFactory.getLogger(StringUtil.class);
- static final public int MIN_PASSWORD_LENGTH = 8;
+ static final public String VALIDATION_CRED = "(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).{8,}";
static final public String VALIDATION_NAME = "^([A-Za-z0-9_]|[\u00C0-\u017F])([a-zA-Z0-9\\s_. -@]|[\u00C0-\u017F])+$";
static final public String VALIDATION_TEXT = "[a-zA-Z0-9\\ \"!@#$%^&*()-_=+;:'"|~`<>?/{}\\.\\,\\-\\?<>\\x00-\\x7F\\p{L}-]*";
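Review bot: `VALIDATION_CRED` counts only ASCII characters (`[0-9]`, `[a-z]`, `[A-Z]`) towards the policy, whereas the loop removed in this file's second hunk used `Character.isDigit` and `Character.isLetter`. A password whose letters are all non-ASCII, or from a script without case, is therefore now rejected, although the error text only says "uppercase letter" and "lowercase letter". If the narrowing is intended, say so on the constant, e.g. `// ASCII-only policy: one of [0-9], [a-z], [A-Z]; length >= 8 after trim()`; otherwise the lookaheads could use `\\p{Nd}`, `\\p{Ll}` and `\\p{Lu}`. Dropping the public `MIN_PASSWORD_LENGTH` may also break callers outside this diff, which cannot be checked from here.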
@@ -126,23 +126,8 @@ public class StringUtil implements Serializable {
return false;
}
password = password.trim();
- if (password.length() < MIN_PASSWORD_LENGTH) {
- return false;
- }
-
- boolean hasAlpha = false;
- boolean hasNum = false;
- for (int i = 0; i < password.length(); i++) {
- char ch = password.charAt(i);
-
- if (Character.isDigit(ch)) {
- hasNum = true;
- } else if (Character.isLetter(ch)) {
- hasAlpha = true;
- }
- }
-
- if (!hasAlpha || !hasNum) {
+ boolean checkPassword = password.matches(VALIDATION_CRED);
+ if (!checkPassword) {
return false;
}
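Review bot: The `checkPassword` local adds nothing here; `if (!password.matches(VALIDATION_CRED)) { return false; }` says the same thing in one step. `String.matches` also recompiles the expression on every call, so a precompiled `java.util.regex.Pattern` constant in StringUtil would serve this site and the two other call sites this commit touches (XUserMgr and ChangePasswordUtil). The method begins before this hunk and continues after it, so what follows the check is not visible.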
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
index 0cc4fe2..31cdff0 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
@@ -21,6 +21,7 @@ package org.apache.ranger.patch.cliutil;
import org.apache.ranger.biz.UserMgr;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.StringUtil;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.patch.BaseLoader;
@@ -260,16 +261,13 @@ public class ChangePasswordUtil extends BaseLoader {
private void validatePassword(String newPassword) {
boolean checkPassword = false;
if (newPassword != null) {
- String pattern = "(?=.*[0-9])(?=.*[a-zA-Z]).{8,}";
- checkPassword = newPassword.trim().matches(pattern);
+ checkPassword = newPassword.trim().matches(StringUtil.VALIDATION_CRED);
if (!checkPassword) {
- logger.error(
- "validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric.");
- System.out.println(
- "validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric.");
+ String msg = "Password should be minimum 8 characters, at least one uppercase letter, one lowercase letter and one numeric.";
+ logger.error(msg);
+ System.out.println(msg);
throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword",
- MessageEnums.INVALID_PASSWORD, null,
- "Password should be minimum 8 characters with minimum one alphabet and one numeric", null);
+ MessageEnums.INVALID_PASSWORD, null, msg, null);
}
} else {
logger.error("validatePassword(). Password cannot be blank/null.");
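Review bot: The rejected-password log line loses its `validatePassword().` prefix, because `logger.error(msg)` now logs the bare policy sentence. The blank/null branch just below and the XUserMgr warning still carry the prefix, so the two failure paths of this method no longer look alike in the log. `logger.error("validatePassword(). " + msg);` restores the prefix for the log while leaving the REST message and the console output as the plain sentence. The else branch runs past the end of the hunk.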
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index 57e9738..3b5ec02 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -2708,7 +2708,7 @@ public class TestXUserMgr {
setup();
VXUser vxUser = vxUser();
vxUser.setPassword("password");
- Mockito.when(restErrorUtil.createRESTException("serverMsg.xuserMgrValidatePassword", MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters with min one alphabet and one numeric", null)).thenThrow(new WebApplicationException());
+ Mockito.when(restErrorUtil.createRESTException("serverMsg.xuserMgrValidatePassword", MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters, at least one uppercase letter, one lowercase letter and one numeric", null)).thenThrow(new WebApplicationException());
thrown.expect(WebApplicationException.class);
xUserMgr.validatePassword(vxUser);
}
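Review bot: The stubbed message here ends in `one numeric` with no trailing period, but XUserMgr.validatePassword in this same commit passes `...one lowercase letter and one numeric.` with a period, so the `Mockito.when(...)` stub does not match the call actually made. If `restErrorUtil` is a plain mock (its setup is outside the hunk), the unmatched call returns null and `throw` raises a NullPointerException rather than the expected `WebApplicationException`. Append the period to the literal, or reference one shared message constant from both places. The fixture `"password"` also fails the old policy, so a case such as `"password1"` (digit present, no uppercase) would be needed to exercise the rule this commit adds.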