Apply password complexity check in backend

Alovoa · Jun 7, 2021 · 76661ad · 76661ad
1 parent 1b4dbba
commit 76661ad
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/src/main/java/com/nonononoki/alovoa/service/RegisterService.java b/src/main/java/com/nonononoki/alovoa/service/RegisterService.java
@@ -89,6 +89,8 @@ public class RegisterService {
 	private UserService userService;
 
 	private static final String GMAIL_EMAIL = "@gmail";
+
+	private static final int MIN_PASSWORD_SIZE = 7;
 
 	private static final Logger logger = LoggerFactory.getLogger(RegisterService.class);
 
@@ -204,6 +206,7 @@ public User registerConfirm(String tokenString) throws MessagingException, IOExc
 		return user;
 	}
 
+	//used by normal registration and oauth
 	private BaseRegisterDto registerBase(RegisterDto dto) throws AlovoaException {
 
 		if (dto.getFirstName().length() > firstNameLengthMax || dto.getFirstName().length() < firstNameLengthMin) {
@@ -215,10 +218,20 @@ private BaseRegisterDto registerBase(RegisterDto dto) throws AlovoaException {
 		if (userAge < minAge) {
 			throw new AlovoaException(publicService.text("backend.error.register.min-age"));
 		}
+
+		if(dto.getPassword().length() < MIN_PASSWORD_SIZE) {
+			throw new AlovoaException("password_too_short");
+		}
+
+		if(!dto.getPassword().matches(".*\\d.*") || !dto.getPassword().matches(".*[a-zA-Z].*")) {
+			throw new AlovoaException("password_too_simple");
+		}
 
 		User user = new User();
 		user.setEmail(dto.getEmail().toLowerCase());
 		user.setFirstName(dto.getFirstName());
+
+		//default age bracket, user can change it later in their profile
 		int userMinAge = userAge - ageRange;
 		int userMaxAge = userAge + ageRange;
 		if (userMinAge < minAge) {