From 76661ad253e371c876fe157200fc196c3f9667f3 Mon Sep 17 00:00:00 2001
From: Nho Quy Dinh
Date: Mon, 7 Jun 2021 19:17:09 +0200
Subject: [PATCH] Apply password complexity check in backend
---
 .../nonononoki/alovoa/service/RegisterService.java | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/src/main/java/com/nonononoki/alovoa/service/RegisterService.java b/src/main/java/com/nonononoki/alovoa/service/RegisterService.java
index a0c14737..7b9b3c4b 100644
--- a/src/main/java/com/nonononoki/alovoa/service/RegisterService.java
+++ b/src/main/java/com/nonononoki/alovoa/service/RegisterService.java
@@ -89,6 +89,8 @@ public class RegisterService {
 private UserService userService;
 private static final String GMAIL_EMAIL = "@gmail";
+
+ private static final int MIN_PASSWORD_SIZE = 7;
 private static final Logger logger = LoggerFactory.getLogger(RegisterService.class);
@@ -204,6 +206,7 @@ public User registerConfirm(String tokenString) throws MessagingException, IOExc
 return user;
 }
+ //used by normal registration and oauth
 private BaseRegisterDto registerBase(RegisterDto dto) throws AlovoaException {
 if (dto.getFirstName().length() > firstNameLengthMax || dto.getFirstName().length() < firstNameLengthMin) {
@@ -215,10 +218,20 @@ private BaseRegisterDto registerBase(RegisterDto dto) throws AlovoaException {
 if (userAge < minAge) {
 throw new AlovoaException(publicService.text("backend.error.register.min-age"));
 }
+
+ if(dto.getPassword().length() < MIN_PASSWORD_SIZE) {
+ throw new AlovoaException("password_too_short");
+ }
+
+ if(!dto.getPassword().matches(".*\\d.*") || !dto.getPassword().matches(".*[a-zA-Z].*")) {
+ throw new AlovoaException("password_too_simple");
+ }
 User user = new User();
 user.setEmail(dto.getEmail().toLowerCase());
 user.setFirstName(dto.getFirstName());
+
+ //default age bracket, user can change it later in their profile
 int userMinAge = userAge - ageRange;
 int userMaxAge = userAge + ageRange;
 if (userMinAge < minAge) {
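Review bot: `MIN_PASSWORD_SIZE = 7` in the first hunk sets the floor one character below the 8-character minimum that NIST SP 800-63B gives for user-chosen passwords. It is also a compile-time constant, while the other limits used in registerBase (`firstNameLengthMin`, `minAge`) look like instance fields, presumably injected from configuration. I would use `private static final int MIN_PASSWORD_SIZE = 8;` or read the value the same way as those limits, and keep it in step with whatever minimum the registration form enforces on the client.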
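Review bot: `dto.getPassword().length()` in the new length check dereferences the password without a null guard, while the comment added in the previous hunk says registerBase also serves the OAuth path; if that path builds a RegisterDto without a password (not visible here), registration would end in a NullPointerException rather than an AlovoaException. Read the value once and guard it, e.g. `String password = dto.getPassword();` followed by `if (password == null || password.length() < MIN_PASSWORD_SIZE) {`, or skip the password rules for OAuth callers. The letter test `.*[a-zA-Z].*` accepts only ASCII letters, so a long password written in another script plus digits is rejected as `password_too_simple`; `.*\\p{L}.*` would count any Unicode letter. The two new exceptions carry raw keys while the min-age check just above goes through `publicService.text(...)`, which may be intended for the front end but deserves a short comment. registerBase starts before this hunk and continues past its last line.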