Posted to commits@ranger.apache.org by bp...@apache.org on 2022/03/25 04:11:19 UTC

[ranger] branch ranger-2.3 updated: RANGER-3678: Update password validation criteria

This is an automated email from the ASF dual-hosted git repository.

bpatel pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.3 by this push:
     new 7fdd906  RANGER-3678: Update password validation criteria
7fdd906 is described below

commit 7fdd9060b0c15dfbcd709b34729a265fc7a0cd44
Author: Bhavik Patel <bh...@gmail.com>
AuthorDate: Thu Mar 24 10:34:34 2022 +0530

    RANGER-3678: Update password validation criteria
---
 .../main/java/org/apache/ranger/biz/XUserMgr.java   |  7 +++----
 .../java/org/apache/ranger/common/StringUtil.java   | 21 +++------------------
 .../ranger/patch/cliutil/ChangePasswordUtil.java    | 14 ++++++--------
 .../java/org/apache/ranger/biz/TestXUserMgr.java    |  2 +-
 4 files changed, 13 insertions(+), 31 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 9971889..b031e96 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -2605,11 +2605,10 @@ public class XUserMgr extends XUserMgrBase {
 	protected void validatePassword(VXUser vXUser) {
 		if (vXUser.getPassword() != null && !vXUser.getPassword().isEmpty()) {
 			boolean checkPassword = false;
-			String pattern = "(?=.*[0-9])(?=.*[a-zA-Z]).{8,}";
-			checkPassword = vXUser.getPassword().trim().matches(pattern);
+			checkPassword = vXUser.getPassword().trim().matches(StringUtil.VALIDATION_CRED);
 			if (!checkPassword) {
-				logger.warn("validatePassword(). Password should be minimum 8 characters with min one alphabet and one numeric.");
-				throw restErrorUtil.createRESTException("serverMsg.xuserMgrValidatePassword", MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters with min one alphabet and one numeric", null);
+				logger.warn("validatePassword(). Password should be minimum 8 characters, at least one uppercase letter, one lowercase letter and one numeric.");
+				throw restErrorUtil.createRESTException("serverMsg.xuserMgrValidatePassword", MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters, at least one uppercase letter, one lowercase letter and one numeric.", null);
 			}
 		} else {
 			logger.warn("validatePassword(). Password cannot be blank/null.");
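Review bot: The human-readable policy text on the new lines 42-43 is now a third free-hand copy of the same sentence (the CLI in ChangePasswordUtil and the TestXUserMgr stub carry their own), and the copies have already drifted — this one ends with "numeric." while the test's expected string ends with "numeric" — so the regex was centralised in StringUtil but its description was not. Put the message next to the pattern, e.g. `public static final String VALIDATION_CRED_MSG = "Password should be minimum 8 characters, at least one uppercase letter, one lowercase letter and one numeric.";`, and use it in the warn and in the createRESTException call so the wording cannot diverge from the rule it describes. `String.matches` also recompiles the pattern on every call; a precompiled `Pattern` in StringUtil would avoid that on the user-creation path. The rest of validatePassword continues outside the hunk.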
diff --git a/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java b/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
index 8debc24..ed2e8df 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
@@ -36,7 +36,7 @@ import org.springframework.stereotype.Component;
 public class StringUtil implements Serializable {
 	private static final Logger logger = LoggerFactory.getLogger(StringUtil.class);
 
-	static final public int MIN_PASSWORD_LENGTH = 8;
+	static final public String VALIDATION_CRED = "(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).{8,}";
 
 	static final public String VALIDATION_NAME = "^([A-Za-z0-9_]|[\u00C0-\u017F])([a-zA-Z0-9\\s_. -@]|[\u00C0-\u017F])+$";
 	static final public String VALIDATION_TEXT = "[a-zA-Z0-9\\ \"!@#$%^&amp;*()-_=+;:'&quot;|~`&lt;&gt;?/{}\\.\\,\\-\\?<>\\x00-\\x7F\\p{L}-]*";
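Review bot: Removing the `public` constant `MIN_PASSWORD_LENGTH` (line 55) is an API break for anything outside these four files that referenced it; the diffstat shows only callers inside security-admin were updated, so I cannot tell from here whether other modules or plugins use it — safer to keep it and have the regex reference it, e.g. `static final public int MIN_PASSWORD_LENGTH = 8;` followed by `static final public String VALIDATION_CRED = "(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).{" + MIN_PASSWORD_LENGTH + ",}";`. Note also that `.` in a Java regex does not match line terminators unless DOTALL is set, so a credential containing an embedded newline is rejected by this pattern even if it otherwise meets the policy; if that is intended, a comment on the constant saying so would help the next reader. Since three call sites now run `String.matches` on this, consider exposing it as `static final public Pattern VALIDATION_CRED_PATTERN = Pattern.compile(VALIDATION_CRED);` as well.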
@@ -126,23 +126,8 @@ public class StringUtil implements Serializable {
 			return false;
 		}
 		password = password.trim();
-		if (password.length() < MIN_PASSWORD_LENGTH) {
-			return false;
-		}
-
-		boolean hasAlpha = false;
-		boolean hasNum = false;
-		for (int i = 0; i < password.length(); i++) {
-			char ch = password.charAt(i);
-
-			if (Character.isDigit(ch)) {
-				hasNum = true;
-			} else if (Character.isLetter(ch)) {
-				hasAlpha = true;
-			}
-		}
-
-		if (!hasAlpha || !hasNum) {
+		boolean checkPassword = password.matches(VALIDATION_CRED);
+		if (!checkPassword) {
 			return false;
 		}
 
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
index 0cc4fe2..31cdff0 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
@@ -21,6 +21,7 @@ package org.apache.ranger.patch.cliutil;
 import org.apache.ranger.biz.UserMgr;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.StringUtil;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXPortalUser;
 import org.apache.ranger.patch.BaseLoader;
@@ -260,16 +261,13 @@ public class ChangePasswordUtil extends BaseLoader {
 	private void validatePassword(String newPassword) {
 		boolean checkPassword = false;
 		if (newPassword != null) {
-			String pattern = "(?=.*[0-9])(?=.*[a-zA-Z]).{8,}";
-			checkPassword = newPassword.trim().matches(pattern);
+			checkPassword = newPassword.trim().matches(StringUtil.VALIDATION_CRED);
 			if (!checkPassword) {
-				logger.error(
-						"validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric.");
-				System.out.println(
-						"validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric.");
+				String msg = "Password should be minimum 8 characters, at least one uppercase letter, one lowercase letter and one numeric.";
+				logger.error(msg);
+				System.out.println(msg);
 				throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword",
-						MessageEnums.INVALID_PASSWORD, null,
-						"Password should be minimum 8 characters with minimum one alphabet and one numeric", null);
+						MessageEnums.INVALID_PASSWORD, null, msg, null);
 			}
 		} else {
 			logger.error("validatePassword(). Password cannot be blank/null.");
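Review bot: The `newPassword != null` guard on line 101 lets an empty or whitespace-only password fall into the regex branch, so the operator is told "Password should be minimum 8 characters, at least one uppercase letter, ..." rather than the "Password cannot be blank/null." message the else branch was written for; the condition should be `if (newPassword != null && !newPassword.trim().isEmpty()) {`, matching the check XUserMgr.validatePassword already makes. The `msg` literal introduced on line 110 is also a duplicate of the sentence in XUserMgr; a shared constant beside VALIDATION_CRED in StringUtil would keep the regex and its description in one place. Printing the policy text to stdout is fine for a CLI, but note that nothing here logs the password itself, which should stay that way.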
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index 57e9738..3b5ec02 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -2708,7 +2708,7 @@ public class TestXUserMgr {
 		setup();
 		VXUser vxUser = vxUser();
 		vxUser.setPassword("password");
-		Mockito.when(restErrorUtil.createRESTException("serverMsg.xuserMgrValidatePassword", MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters with min one alphabet and one numeric", null)).thenThrow(new WebApplicationException());
+		Mockito.when(restErrorUtil.createRESTException("serverMsg.xuserMgrValidatePassword", MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters, at least one uppercase letter, one lowercase letter and one numeric", null)).thenThrow(new WebApplicationException());
 		thrown.expect(WebApplicationException.class);
 		xUserMgr.validatePassword(vxUser);
 	}
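Review bot: The expected message on line 129 ends with "numeric" but the message XUserMgr.validatePassword now passes to createRESTException ends with "numeric." (trailing period), so the Mockito stub is set up with arguments that never match; if restErrorUtil is a plain mock, the unmatched call returns null and `throw null` raises NullPointerException rather than the WebApplicationException the test expects, so this test most likely fails as committed. Either add the period, `"... one lowercase letter and one numeric.", null)`, or stub with `Mockito.eq(...)`/`Mockito.anyString()` for the message argument and assert the message separately, so the test pins the MessageEnums.INVALID_PASSWORD outcome rather than exact prose. Sharing a single message constant between production code and test would remove this class of drift entirely.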