remove complex password requirements (#1916)

Athou
2026-01-10 17:53:05 +01:00
parent a080ede15b
commit 2e8fd737af
5 changed files with 11 additions and 33 deletions


@@ -20,7 +20,7 @@ public class CommaFeedApplication {
private final CommaFeedConfiguration config; private final CommaFeedConfiguration config;
public void start(@Observes StartupEvent ev) { public void start(@Observes StartupEvent ev) {
PasswordConstraintValidator.setStrict(config.users().strictPasswordPolicy()); PasswordConstraintValidator.setMinimumPasswordLength(config.users().minimumPasswordLength());
feedRefreshEngine.start(); feedRefreshEngine.start();
taskScheduler.start(); taskScheduler.start();


@@ -326,10 +326,10 @@ public interface CommaFeedConfiguration {
boolean allowRegistrations(); boolean allowRegistrations();
/** /**
* Whether to enable strict password validation (1 uppercase char, 1 lowercase char, 1 digit, 1 special char). * Minimum password length for user accounts.
*/ */
@WithDefault("true") @WithDefault("4")
boolean strictPasswordPolicy(); int minimumPasswordLength();
/** /**
* Whether to create a demo account the first time the app starts. * Whether to create a demo account the first time the app starts.
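Review bot: The default in `@WithDefault("4")` on `minimumPasswordLength()` is below the 8-character minimum that NIST SP 800-63B gives for user-chosen passwords, and nothing visible in this section bounds the value, so `0` or a negative number would be accepted as configuration. Dropping the composition rules is in line with that guidance, but the guidance pairs it with a longer minimum; consider `@WithDefault("8")` plus a lower bound such as `@Min(1)` if this config mapping is bean-validated (not visible here). The Javadoc could also mention the fixed upper limit of 256 that the validator applies, e.g. `* Minimum password length for user accounts (the maximum is fixed at 256).`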


@@ -6,8 +6,6 @@ import jakarta.validation.ConstraintValidator;
import jakarta.validation.ConstraintValidatorContext; import jakarta.validation.ConstraintValidatorContext;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule; import org.passay.LengthRule;
import org.passay.PasswordData; import org.passay.PasswordData;
import org.passay.PasswordValidator; import org.passay.PasswordValidator;
@@ -19,7 +17,7 @@ import lombok.Setter;
public class PasswordConstraintValidator implements ConstraintValidator<ValidPassword, String> { public class PasswordConstraintValidator implements ConstraintValidator<ValidPassword, String> {
@Setter @Setter
private static boolean strict = true; private static int minimumPasswordLength;
@Override @Override
public void initialize(ValidPassword constraintAnnotation) { public void initialize(ValidPassword constraintAnnotation) {
@@ -32,7 +30,7 @@ public class PasswordConstraintValidator implements ConstraintValidator<ValidPas
return true; return true;
} }
PasswordValidator validator = strict ? buildStrictPasswordValidator() : buildLoosePasswordValidator(); PasswordValidator validator = buildPasswordValidator();
RuleResult result = validator.validate(new PasswordData(value)); RuleResult result = validator.validate(new PasswordData(value));
if (result.isValid()) { if (result.isValid()) {
@@ -45,28 +43,11 @@ public class PasswordConstraintValidator implements ConstraintValidator<ValidPas
return false; return false;
} }
private PasswordValidator buildStrictPasswordValidator() { private PasswordValidator buildPasswordValidator() {
return new PasswordValidator( return new PasswordValidator(
// length // length
new LengthRule(8, 256), new LengthRule(minimumPasswordLength, 256),
// 1 uppercase char
new CharacterRule(EnglishCharacterData.UpperCase, 1),
// 1 lowercase char
new CharacterRule(EnglishCharacterData.LowerCase, 1),
// 1 digit
new CharacterRule(EnglishCharacterData.Digit, 1),
// 1 special char
new CharacterRule(EnglishCharacterData.Special, 1),
// no whitespace // no whitespace
new WhitespaceRule()); new WhitespaceRule());
} }
private PasswordValidator buildLoosePasswordValidator() {
return new PasswordValidator(
// length
new LengthRule(6, 256),
// no whitespace
new WhitespaceRule());
}
} }
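Review bot: `private static int minimumPasswordLength;` has no initializer, so until the startup observer in `CommaFeedApplication` calls `setMinimumPasswordLength(...)` the validator runs with a minimum of 0, whereas the replaced field `strict = true` failed closed. Any validation that happens before that call, or in a test that never sets the field, would then accept any password that passes the whitespace and 256-character rules. Give the field a safe initial value, e.g. `private static int minimumPasswordLength = 8;`, and consider guarding the rule with `new LengthRule(Math.max(1, minimumPasswordLength), 256)`. `isValid` begins outside the hunk, so the condition in front of the early `return true;` is not visible here.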


@@ -2,5 +2,5 @@ package com.commafeed;
public class TestConstants { public class TestConstants {
public static final String ADMIN_USERNAME = "admin"; public static final String ADMIN_USERNAME = "admin";
public static final String ADMIN_PASSWORD = "!Admin1234"; public static final String ADMIN_PASSWORD = "admin";
} }


@@ -53,13 +53,10 @@ class AuthentificationIT {
Page page = context.newPage(); Page page = context.newPage();
page.navigate(getLoginPageUrl()); page.navigate(getLoginPageUrl());
page.getByText("Sign up!").click(); page.getByText("Sign up!").click();
PlaywrightTestUtils.register(page, "user", "user@domain.com", "pass"); PlaywrightTestUtils.register(page, "user", "user@domain.com", "p");
Locator alert = page.getByRole(AriaRole.ALERT); Locator alert = page.getByRole(AriaRole.ALERT);
PlaywrightAssertions.assertThat(alert).containsText("Password must be 8 or more characters in length."); PlaywrightAssertions.assertThat(alert).containsText("Password must be 4 or more characters in length.");
PlaywrightAssertions.assertThat(alert).containsText("Password must contain 1 or more uppercase characters.");
PlaywrightAssertions.assertThat(alert).containsText("Password must contain 1 or more digit characters.");
PlaywrightAssertions.assertThat(alert).containsText("Password must contain 1 or more special characters.");
} }
@Test @Test