Posted to commits@openmeetings.apache.org by so...@apache.org on 2020/09/17 09:49:48 UTC

[openmeetings] branch master updated: [OPENMEETINGS-2443] more pwd controls were added

This is an automated email from the ASF dual-hosted git repository.

solomax pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openmeetings.git


The following commit(s) were added to refs/heads/master by this push:
     new 2872ee6  [OPENMEETINGS-2443] more pwd controls were added
2872ee6 is described below

commit 2872ee632159c785d69d0d431c79b61ceddef0bb
Author: Maxim Solodovnik <so...@gmail.com>
AuthorDate: Thu Sep 17 16:49:24 2020 +0700

    [OPENMEETINGS-2443] more pwd controls were added
---
 .../core/util/StrongPasswordValidator.java         |  6 ++-
 .../core/util/TestStrongPasswordValidator.java     | 43 +++++++++++++++-------
 .../db/dao/basic/ConfigurationDao.java             | 14 +++++++
 .../installation/ImportInitvalues.java             |  7 +++-
 .../openmeetings/util/OpenmeetingsVariables.java   | 20 ++++++++++
 .../org/apache/openmeetings/web/room/raw-video.js  | 12 +++---
 6 files changed, 80 insertions(+), 22 deletions(-)

diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/StrongPasswordValidator.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/StrongPasswordValidator.java
index c2c7893..234e4b4 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/StrongPasswordValidator.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/StrongPasswordValidator.java
@@ -19,6 +19,8 @@
 package org.apache.openmeetings.core.util;
 
 import static org.apache.openmeetings.util.OpenmeetingsVariables.getMinPasswdLength;
+import static org.apache.openmeetings.util.OpenmeetingsVariables.isPwdCheckDigit;
+import static org.apache.openmeetings.util.OpenmeetingsVariables.isPwdCheckSpecial;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.isPwdCheckUpper;
 
 import java.util.Locale;
@@ -49,11 +51,11 @@ public class StrongPasswordValidator implements IValidator<String> {
 	}
 
 	private static boolean noDigit(String password) {
-		return password == null || !password.matches(".*\\d+.*");
+		return password == null || (isPwdCheckDigit() && !password.matches(".*\\d+.*"));
 	}
 
 	private static boolean noSymbol(String password) {
-		return password == null || !password.matches(".*[!@#$%^&*\\]\\[]+.*");
+		return password == null || (isPwdCheckSpecial() && !password.matches(".*[!@#$%^&*\\]\\[]+.*"));
 	}
 
 	private static boolean noUpperCase(String password) {
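Review bot: `noDigit` and `noSymbol` now return false for a password that has no digit or symbol whenever `isPwdCheckDigit()` or `isPwdCheckSpecial()` is off, so the names no longer describe the result and a later caller could mistake them for pure content checks. I would add a one-line comment above each, for example `// false when the digit check is disabled in configuration, even if the password has no digit`. The null branch still reports a failure regardless of the flags, which is the safe choice and worth stating in the same comment. `noUpperCase` begins on the last line of the hunk and its body is outside it.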
diff --git a/openmeetings-core/src/test/java/org/apache/openmeetings/core/util/TestStrongPasswordValidator.java b/openmeetings-core/src/test/java/org/apache/openmeetings/core/util/TestStrongPasswordValidator.java
index d1b30d6..fd69c5f 100644
--- a/openmeetings-core/src/test/java/org/apache/openmeetings/core/util/TestStrongPasswordValidator.java
+++ b/openmeetings-core/src/test/java/org/apache/openmeetings/core/util/TestStrongPasswordValidator.java
@@ -18,6 +18,8 @@
  */
 package org.apache.openmeetings.core.util;
 
+import static org.apache.openmeetings.util.OpenmeetingsVariables.setPwdCheckDigit;
+import static org.apache.openmeetings.util.OpenmeetingsVariables.setPwdCheckSpecial;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.setPwdCheckUpper;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.mockito.ArgumentMatchers.any;
@@ -39,7 +41,7 @@ import org.mockito.MockedStatic;
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.stubbing.Answer;
 
-public class TestStrongPasswordValidator {
+class TestStrongPasswordValidator {
 	private static User getUser(String login, String email) {
 		User u = new User();
 		u.setLogin(login);
@@ -48,6 +50,10 @@ public class TestStrongPasswordValidator {
 		return u;
 	}
 
+	private static User getUser3() {
+		return getUser("2222", "2222@local");
+	}
+
 	private static Stream<Arguments> provideTestArgs() {
 		List<Arguments> args = new ArrayList<>();
 		for (boolean web : new boolean[] {true, false}) {
@@ -56,7 +62,7 @@ public class TestStrongPasswordValidator {
 			args.add(Arguments.of(null, web, u1, 5));
 			User u2 = getUser("2222", null);
 			args.add(Arguments.of("1", web, u2, 4));
-			User u3 = getUser("2222", "2222@local");
+			User u3 = getUser3();
 			args.add(Arguments.of("password", web, u3, 3));
 			args.add(Arguments.of("passWord", web, u3, 2));
 			args.add(Arguments.of("passWord222", web, u3, 2));
@@ -98,28 +104,39 @@ public class TestStrongPasswordValidator {
 		});
 	}
 
-
 	@Test
 	void testNoUpper() {
 		try {
 			setPwdCheckUpper(false);
-			runWrapped(() -> {
-				int expectedErrors = 2;
-				String pwd = "password";
-				Validatable<String> pass = new Validatable<>(pwd);
-				User u = getUser("2222", "2222@local");
-				StrongPasswordValidator validator = new StrongPasswordValidator(u);
-				validator.validate(pass);
-				assertEquals(expectedErrors, pass.getErrors().size(), "Expected exactly " + expectedErrors + " errors, pass: '" + pwd + "', user: " + u);
-			});
+			test("password", false, getUser3(), 2);
 		} finally {
 			setPwdCheckUpper(true);
 		}
 	}
 
+	@Test
+	void testNoDigit() {
+		try {
+			setPwdCheckDigit(false);
+			test("password", false, getUser3(), 2);
+		} finally {
+			setPwdCheckDigit(true);
+		}
+	}
+
+	@Test
+	void testNoSpecial() {
+		try {
+			setPwdCheckSpecial(false);
+			test("password", false, getUser3(), 2);
+		} finally {
+			setPwdCheckSpecial(true);
+		}
+	}
+
 	@ParameterizedTest
 	@MethodSource("provideTestArgs")
-	void testNull(String pwd, boolean web, User u, int expectedErrors) {
+	void test(String pwd, boolean web, User u, int expectedErrors) {
 		runWrapped(() -> {
 			Validatable<String> pass = new Validatable<>(pwd);
 			StrongPasswordValidator validator = new StrongPasswordValidator(web, u);
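Review bot: `testNoDigit` and `testNoSpecial` (like the existing `testNoUpper`) change a process-wide static policy flag and restore it to the literal `true` rather than to the value it had before. If the default ever changes, or if tests run in parallel, other validator tests would run under a different password policy than they expect. Capturing the old value is enough: `boolean prev = isPwdCheckDigit();` before the `try` and `setPwdCheckDigit(prev);` in the `finally`, and likewise for the special-character flag. The body of `test` continues past the end of the hunk.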
diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/basic/ConfigurationDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/basic/ConfigurationDao.java
index 82af13d..6fe4fff 100644
--- a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/basic/ConfigurationDao.java
+++ b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/basic/ConfigurationDao.java
@@ -295,6 +295,12 @@ public class ConfigurationDao implements IDataProviderDao<Configuration> {
 			case CONFIG_PASS_CHECK_UPPER:
 				reloadPwdCheckUpper();
 				break;
+			case CONFIG_PASS_CHECK_DIGIT:
+				reloadPwdCheckNumber();
+				break;
+			case CONFIG_PASS_CHECK_SPECIAL:
+				reloadPwdCheckSpecial();
+				break;
 			case CONFIG_DEFAULT_GROUP_ID:
 				reloadDefaultGroup();
 				break;
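Review bot: The digit setting is reloaded by `reloadPwdCheckNumber()` while the key, the setter and the validator all say "digit" (`CONFIG_PASS_CHECK_DIGIT`, `setPwdCheckDigit`, `isPwdCheckDigit`). Renaming it to `reloadPwdCheckDigit()` here and at its definition in the next hunk keeps the four names searchable together. The enclosing `switch` starts and ends outside the hunk.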
@@ -436,6 +442,14 @@ public class ConfigurationDao implements IDataProviderDao<Configuration> {
 		setPwdCheckUpper(getBool(CONFIG_PASS_CHECK_UPPER, true));
 	}
 
+	private void reloadPwdCheckNumber() {
+		setPwdCheckDigit(getBool(CONFIG_PASS_CHECK_DIGIT, true));
+	}
+
+	private void reloadPwdCheckSpecial() {
+		setPwdCheckSpecial(getBool(CONFIG_PASS_CHECK_SPECIAL, true));
+	}
+
 	private void reloadDefaultGroup() {
 		setDefaultGroup(getLong(CONFIG_DEFAULT_GROUP_ID, null));
 	}
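Review bot: The two new reload methods appear to be reachable only from the `switch` in the previous hunk, that is, when the setting is saved; the diffstat's 14 insertions for this file are all accounted for by these two hunks. If the DAO has a start-up or re-initialisation path that calls `reloadPwdCheckUpper()`, then `reloadPwdCheckNumber()` and `reloadPwdCheckSpecial()` should be called there as well, otherwise a stored `false` is ignored after a restart until the value is saved again. The fallback of `true` in `getBool(..., true)` means a missing row keeps the check on, which is the right direction to fail.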
diff --git a/openmeetings-install/src/main/java/org/apache/openmeetings/installation/ImportInitvalues.java b/openmeetings-install/src/main/java/org/apache/openmeetings/installation/ImportInitvalues.java
index 937adcb..60fe1cf 100644
--- a/openmeetings-install/src/main/java/org/apache/openmeetings/installation/ImportInitvalues.java
+++ b/openmeetings-install/src/main/java/org/apache/openmeetings/installation/ImportInitvalues.java
@@ -72,6 +72,8 @@ import static org.apache.openmeetings.util.OpenmeetingsVariables.CONFIG_MP4_AUDI
 import static org.apache.openmeetings.util.OpenmeetingsVariables.CONFIG_MP4_AUDIO_RATE;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.CONFIG_MP4_VIDEO_PRESET;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.CONFIG_MYROOMS_ENABLED;
+import static org.apache.openmeetings.util.OpenmeetingsVariables.CONFIG_PASS_CHECK_DIGIT;
+import static org.apache.openmeetings.util.OpenmeetingsVariables.CONFIG_PASS_CHECK_SPECIAL;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.CONFIG_PASS_CHECK_UPPER;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.CONFIG_PASS_MIN_LENGTH;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.CONFIG_PATH_FFMPEG;
@@ -154,6 +156,7 @@ public class ImportInitvalues {
 	private static final String VER_3_0_3 = "3.0.3";
 	private static final String VER_3_3_0 = "3.3.0";
 	private static final String VER_5_0_0 = "5.0.0";
+	private static final String VER_5_0_1 = "5.0.1";
 	private static final String CLIENT_PLACEHOLDER = "<put your client_id>";
 	private static final String SECRET_PLACEHOLDER = "<put your client_secret>";
 	private static final String EMAIL_PARAM = "email";
@@ -385,7 +388,9 @@ public class ImportInitvalues {
 				+ DEFAULT_CSP_STYLE + ")" + cspMore, VER_5_0_0);
 		addCfg(list, CONFIG_SMTP_SSL, String.valueOf(false), Configuration.Type.BOOL, "Enable SSL", VER_5_0_0);
 		addCfg(list, CONFIG_CSP_ENABLED, String.valueOf(true), Configuration.Type.BOOL, "Whether or not CSP secure headers are enabled", VER_5_0_0);
-		addCfg(list, CONFIG_PASS_CHECK_UPPER, String.valueOf(true), Configuration.Type.BOOL, "Whether or not Password MUST contain uppercase characters", "5.0.1");
+		addCfg(list, CONFIG_PASS_CHECK_UPPER, String.valueOf(true), Configuration.Type.BOOL, "Whether or not Password MUST contain uppercase characters", VER_5_0_1);
+		addCfg(list, CONFIG_PASS_CHECK_DIGIT, String.valueOf(true), Configuration.Type.BOOL, "Whether or not Password MUST contain numeric", VER_5_0_1);
+		addCfg(list, CONFIG_PASS_CHECK_SPECIAL, String.valueOf(true), Configuration.Type.BOOL, "Whether or not Password MUST contain special character", VER_5_0_1);
 		return list;
 	}
 	public void loadConfiguration(InstallationConfig cfg) {
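Review bot: The descriptions for `CONFIG_PASS_CHECK_DIGIT` and `CONFIG_PASS_CHECK_SPECIAL` do not say what counts, and the validator in this commit accepts only the characters `!@#$%^&*[]` as special. An administrator reading "MUST contain special character" cannot tell that a password relying on other punctuation such as `-` or `_` still fails the check, nor that turning the flag off removes the requirement entirely. I would word them as `"Whether or not Password MUST contain at least one digit"` and `"Whether or not Password MUST contain at least one of !@#$%^&*[]"`. The method containing these `addCfg` calls starts outside the hunk.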
diff --git a/openmeetings-util/src/main/java/org/apache/openmeetings/util/OpenmeetingsVariables.java b/openmeetings-util/src/main/java/org/apache/openmeetings/util/OpenmeetingsVariables.java
index 69d1b35..5455445 100644
--- a/openmeetings-util/src/main/java/org/apache/openmeetings/util/OpenmeetingsVariables.java
+++ b/openmeetings-util/src/main/java/org/apache/openmeetings/util/OpenmeetingsVariables.java
@@ -52,6 +52,8 @@ public class OpenmeetingsVariables {
 	public static final String CONFIG_LOGIN_MIN_LENGTH = "user.login.minimum.length";
 	public static final String CONFIG_PASS_MIN_LENGTH = "user.pass.minimum.length";
 	public static final String CONFIG_PASS_CHECK_UPPER = "user.pass.check.upper";
+	public static final String CONFIG_PASS_CHECK_DIGIT = "user.pass.check.digit";
+	public static final String CONFIG_PASS_CHECK_SPECIAL = "user.pass.check.special";
 	public static final String CONFIG_IGNORE_BAD_SSL = "oauth2.ignore.bad.ssl";
 	public static final String CONFIG_REDIRECT_URL_FOR_EXTERNAL = "redirect.url.for.external.users";
 	public static final String CONFIG_APPOINTMENT_REMINDER_MINUTES = "number.minutes.reminder.send";
@@ -130,6 +132,8 @@ public class OpenmeetingsVariables {
 	private static int minLoginLength = USER_LOGIN_MINIMUM_LENGTH;
 	private static int minPasswdLength = USER_PASSWORD_MINIMUM_LENGTH;
 	private static boolean pwdCheckUpper = true;
+	private static boolean pwdCheckDigit = true;
+	private static boolean pwdCheckSpecial = true;
 	private static JSONObject roomSettings = new JSONObject();
 	private static boolean initComplete = false;
 	private static long maxUploadSize = DEFAULT_MAX_UPLOAD_SIZE;
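Review bot: `pwdCheckDigit` and `pwdCheckSpecial` are plain static fields, yet they are presumably written when an administrator saves the setting and read by `StrongPasswordValidator` on other threads. Without `volatile` the Java memory model does not guarantee that a validator thread ever sees the new value, so a policy change could take effect late on some threads. Declaring them `private static volatile boolean pwdCheckDigit = true;` (the same for `pwdCheckSpecial`, and for the existing `pwdCheckUpper` if it is shared the same way) would close that. The accessors for these fields are added in the next hunk.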
@@ -338,6 +342,22 @@ public class OpenmeetingsVariables {
 		pwdCheckUpper = check;
 	}
 
+	public static boolean isPwdCheckDigit() {
+		return pwdCheckDigit;
+	}
+
+	public static void setPwdCheckDigit(boolean check) {
+		pwdCheckDigit = check;
+	}
+
+	public static boolean isPwdCheckSpecial() {
+		return pwdCheckSpecial;
+	}
+
+	public static void setPwdCheckSpecial(boolean check) {
+		pwdCheckSpecial = check;
+	}
+
 	public static Long getDefaultGroup() {
 		return defaultGroup;
 	}
diff --git a/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js b/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js
index 302146d..d6b0112 100644
--- a/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js
+++ b/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js
@@ -169,12 +169,12 @@ var Video = (function() {
 					level = MicLevel();
 					level.meter(data.analyser, lm, _micActivity, OmUtil.error);
 				}
-				data.rtcPeer.generateOffer(function(error, offerSdp) {
+				data.rtcPeer.generateOffer(function(genErr, offerSdp) {
 					if (state.disposed || true === data.rtcPeer.cleaned) {
 						return;
 					}
-					if (error) {
-						return OmUtil.error('Sender sdp offer error ' + error);
+					if (genErr) {
+						return OmUtil.error('Sender sdp offer error ' + genErr);
 					}
 					OmUtil.log('Invoking Sender SDP offer callback function');
 					VideoManager.sendMessage({
@@ -216,12 +216,12 @@ var Video = (function() {
 				if (error) {
 					return OmUtil.error(error);
 				}
-				data.rtcPeer.generateOffer(function(error, offerSdp) {
+				data.rtcPeer.generateOffer(function(genErr, offerSdp) {
 					if (state.disposed || true === data.rtcPeer.cleaned) {
 						return;
 					}
-					if (error) {
-						return OmUtil.error('Receiver sdp offer error ' + error);
+					if (genErr) {
+						return OmUtil.error('Receiver sdp offer error ' + genErr);
 					}
 					OmUtil.log('Invoking Receiver SDP offer callback function');
 					VideoManager.sendMessage({