From fa677c629842df60099daa9c23bd802bc41b48d1 Mon Sep 17 00:00:00 2001
From: Alex Bogdanovski
Date: Mon, 23 May 2022 17:51:21 +0300
Subject: [PATCH] fixed password length issues
---
 .../main/java/com/erudika/para/core/User.java | 3 +-
 .../para/core/validation/ValidationUtils.java | 4 ++
 .../para/core/utils/ValidationUtilsTest.java | 65 ++++++++++++++++++-
 3 files changed, 68 insertions(+), 4 deletions(-)
diff --git a/para-core/src/main/java/com/erudika/para/core/User.java b/para-core/src/main/java/com/erudika/para/core/User.java
index 101e56c7..c494a7e0 100644
--- a/para-core/src/main/java/com/erudika/para/core/User.java
+++ b/para-core/src/main/java/com/erudika/para/core/User.java
@@ -32,7 +32,6 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Objects;
-import javax.validation.constraints.Max;
 import javax.validation.constraints.NotBlank;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
@@ -80,7 +79,7 @@ public class User implements ParaObject {
 @Stored private String idpAccessToken;
 @Stored private String idpRefreshToken;
- private transient @Max(MAX_PASSWORD_LENGTH) String password;
+ private transient String password;
 /**
 * No-args constructor.
diff --git a/para-core/src/main/java/com/erudika/para/core/validation/ValidationUtils.java b/para-core/src/main/java/com/erudika/para/core/validation/ValidationUtils.java
index 10a3dc20..20574e5d 100644
--- a/para-core/src/main/java/com/erudika/para/core/validation/ValidationUtils.java
+++ b/para-core/src/main/java/com/erudika/para/core/validation/ValidationUtils.java
@@ -60,6 +60,7 @@
 import javax.validation.constraints.Pattern;
 import javax.validation.constraints.Size;
 import org.apache.commons.beanutils.PropertyUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.math.NumberUtils;
 import org.hibernate.validator.constraints.URL;
 import org.slf4j.Logger;
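Review bot: With `@Max` removed in the second User.java hunk, the `password` field no longer shows any constraint, so nothing at the declaration tells a reader that a length limit exists or where it is enforced. `@Max` is a numeric constraint and dropping it from a String field is reasonable, but a one-line comment on the field such as `// length is capped at MAX_PASSWORD_LENGTH in ValidationUtils.validateObject()` would keep the limit discoverable. If a declarative constraint is still wanted, `@Size(max = MAX_PASSWORD_LENGTH)` is the string equivalent; whether it was left out deliberately is not visible from the hunk. The class body continues outside the hunk.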
@@ -125,6 +126,9 @@ public static String[] validateObject(ParaObject content) {
 String prop = "'".concat(constraintViolation.getPropertyPath().toString()).concat("'");
 list.add(prop.concat(" ").concat(constraintViolation.getMessage()));
 }
+ if (content instanceof User && StringUtils.length(((User) content).getPassword()) > User.MAX_PASSWORD_LENGTH) {
+ list.add(Utils.formatMessage("{0} must not be longer than {1}.", Config._PASSWORD, User.MAX_PASSWORD_LENGTH));
+ }
 } catch (Exception e) {
 logger.error(null, e);
 }
diff --git a/para-server/src/test/java/com/erudika/para/core/utils/ValidationUtilsTest.java b/para-server/src/test/java/com/erudika/para/core/utils/ValidationUtilsTest.java
index 20694d7a..83f4769e 100644
--- a/para-server/src/test/java/com/erudika/para/core/utils/ValidationUtilsTest.java
+++ b/para-server/src/test/java/com/erudika/para/core/utils/ValidationUtilsTest.java
@@ -17,13 +17,12 @@
 */
 package com.erudika.para.core.utils;
-import com.erudika.para.core.utils.Config;
 import com.erudika.para.core.App;
 import com.erudika.para.core.Sysprop;
 import com.erudika.para.core.Tag;
 import com.erudika.para.core.User;
-import static com.erudika.para.core.validation.ValidationUtils.*;
 import static com.erudika.para.core.validation.Constraint.*;
+import static com.erudika.para.core.validation.ValidationUtils.*;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
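Review bot: The new password-length check in `validateObject` (ValidationUtils.java, hunk at -125) sits inside the existing `try`, so if the validator code earlier in that block throws, `catch (Exception e)` only logs and the length check never runs. As far as the hunk shows, the method would then return whatever is already in `list`, possibly nothing, and an over-long password would be reported as valid. Moving the `if (content instanceof User && ...)` block ahead of the `try` (or after the `catch`) keeps the limit independent of the bean validator. Whether the two-argument `validateObject(app, ...)` overload called in the test file reaches this check is not visible here and is worth confirming. The method starts and ends outside the hunk.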
@@ -228,6 +227,68 @@ public void testValidateObject() { assertTrue(validateObject(app, s1).length == 0); } + @Test + public void testPasswordConstraint() { + User u = new User(); + u.setName("test"); + u.setEmail("ab@cd.com"); + u.setIdentifier("ab@cd.com"); + assertTrue(validateObject(u).length == 0); + u.setPassword("T123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456" + + "78912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345670" + + "89123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789" + + "12345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912" + + "34567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234" + + "56789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456" + + "78912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678" + + "91234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891" + + "23456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123" + + "45678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345" + + "67891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567" + + "89123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789" + + "12345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912" + + "34567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234" + + "56789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456" + + 
"78912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678" + + "91234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891" + + "23456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123" + + "45678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345" + + "67891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567" + + "89123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789" + + "12345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912" + + "34567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234" + + "56789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456" + + "78912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678" + + "91234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891" + + "23456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123" + + "45678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345" + + "67891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567" + + "89123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789" + + "12345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912" + + "34567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234" + + "56789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456" + + 
"78912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678" + + "91234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891" + + "23456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123" + + "45678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345" + + "67891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567" + + "89123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789" + + "12345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912" + + "34567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234" + + "56789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456" + + "78912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678" + + "91234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891" + + "23456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123" + + "45678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345" + + "67891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567" + + "89123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789" + + "12345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912345678912" + + "34567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234" + + "56789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456789123456" + + "789hellohellohellohello"); + 
assertFalse(validateObject(u).length == 0); + } + @Test public void testGetCoreValidationConstraints() { assertTrue(getCoreValidationConstraints().containsKey("app"));
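Review bot: `testPasswordConstraint` only exercises a password several thousand characters long, so an off-by-one in the `>` comparison against `User.MAX_PASSWORD_LENGTH` would go unnoticed. Building the inputs from the constant pins the boundary and removes the multi-line literal: `u.setPassword(StringUtils.repeat("a", User.MAX_PASSWORD_LENGTH));` expecting no errors, then `StringUtils.repeat("a", User.MAX_PASSWORD_LENGTH + 1)` expecting one (commons-lang3 `StringUtils` would need to be imported in the test if it is not already). `assertFalse(validateObject(u).length == 0)` also passes on any violation, so asserting that the returned message names the password field would tie the test to this specific check.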