remove complex password requirements (#1916)

Athou
2026-01-10 17:53:05 +01:00
parent a080ede15b
commit 2e8fd737af
5 changed files with 11 additions and 33 deletions


@@ -20,7 +20,7 @@ public class CommaFeedApplication {
private final CommaFeedConfiguration config;
public void start(@Observes StartupEvent ev) {
PasswordConstraintValidator.setStrict(config.users().strictPasswordPolicy());
PasswordConstraintValidator.setMinimumPasswordLength(config.users().minimumPasswordLength());
feedRefreshEngine.start();
taskScheduler.start();


@@ -326,10 +326,10 @@ public interface CommaFeedConfiguration {
boolean allowRegistrations();
/**
* Whether to enable strict password validation (1 uppercase char, 1 lowercase char, 1 digit, 1 special char).
* Minimum password length for user accounts.
*/
@WithDefault("true")
boolean strictPasswordPolicy();
@WithDefault("4")
int minimumPasswordLength();
/**
* Whether to create a demo account the first time the app starts.
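Review bot: The new `minimumPasswordLength()` option defaults to 4 and nothing in this section bounds the value, so a deployment can set it to 0, a negative number, or something above the 256 upper limit that the validator hard-codes. With the composition rules gone, length is the only remaining control, and 4 is well below the 8-character floor recommended by NIST SP 800-63B. Consider `@WithDefault("8")` together with `@Min(1) @Max(256)` on the method (assuming the configuration mapping is bean-validated at startup). The Javadoc could also state that values under 8 are discouraged.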


@@ -6,8 +6,6 @@ import jakarta.validation.ConstraintValidator;
import jakarta.validation.ConstraintValidatorContext;
import org.apache.commons.lang3.StringUtils;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
@@ -19,7 +17,7 @@ import lombok.Setter;
public class PasswordConstraintValidator implements ConstraintValidator<ValidPassword, String> {
@Setter
private static boolean strict = true;
private static int minimumPasswordLength;
@Override
public void initialize(ValidPassword constraintAnnotation) {
@@ -32,7 +30,7 @@ public class PasswordConstraintValidator implements ConstraintValidator<ValidPas
return true;
}
PasswordValidator validator = strict ? buildStrictPasswordValidator() : buildLoosePasswordValidator();
PasswordValidator validator = buildPasswordValidator();
RuleResult result = validator.validate(new PasswordData(value));
if (result.isValid()) {
@@ -45,28 +43,11 @@ public class PasswordConstraintValidator implements ConstraintValidator<ValidPas
return false;
}
private PasswordValidator buildStrictPasswordValidator() {
private PasswordValidator buildPasswordValidator() {
return new PasswordValidator(
// length
new LengthRule(8, 256),
// 1 uppercase char
new CharacterRule(EnglishCharacterData.UpperCase, 1),
// 1 lowercase char
new CharacterRule(EnglishCharacterData.LowerCase, 1),
// 1 digit
new CharacterRule(EnglishCharacterData.Digit, 1),
// 1 special char
new CharacterRule(EnglishCharacterData.Special, 1),
new LengthRule(minimumPasswordLength, 256),
// no whitespace
new WhitespaceRule());
}
private PasswordValidator buildLoosePasswordValidator() {
return new PasswordValidator(
// length
new LengthRule(6, 256),
// no whitespace
new WhitespaceRule());
}
}
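Review bot: `minimumPasswordLength` has no initializer, so it is 0 until `CommaFeedApplication.start` calls the setter. Any validation that runs before then, or where the startup event never fires, enforces no minimum length at all. The flag it replaces appears to have defaulted to `true`, so the old code failed closed where the new code fails open. Give the field a safe initial value, e.g. `private static int minimumPasswordLength = 8;`, and replace the Lombok `@Setter` with an explicit setter that rejects values outside 1..256. `isValid` is only partly visible in these hunks, so the early `return true` path could not be checked.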


@@ -2,5 +2,5 @@ package com.commafeed;
public class TestConstants {
public static final String ADMIN_USERNAME = "admin";
public static final String ADMIN_PASSWORD = "!Admin1234";
public static final String ADMIN_PASSWORD = "admin";
}


@@ -53,13 +53,10 @@ class AuthentificationIT {
Page page = context.newPage();
page.navigate(getLoginPageUrl());
page.getByText("Sign up!").click();
PlaywrightTestUtils.register(page, "user", "user@domain.com", "pass");
PlaywrightTestUtils.register(page, "user", "user@domain.com", "p");
Locator alert = page.getByRole(AriaRole.ALERT);
PlaywrightAssertions.assertThat(alert).containsText("Password must be 8 or more characters in length.");
PlaywrightAssertions.assertThat(alert).containsText("Password must contain 1 or more uppercase characters.");
PlaywrightAssertions.assertThat(alert).containsText("Password must contain 1 or more digit characters.");
PlaywrightAssertions.assertThat(alert).containsText("Password must contain 1 or more special characters.");
PlaywrightAssertions.assertThat(alert).containsText("Password must be 4 or more characters in length.");
}
@Test
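Review bot: The registration test now submits the one-character password `"p"`, which is far from the boundary, so an off-by-one in the length rule would go unnoticed. Nothing here checks that a password without upper-case, digit or special characters is now accepted, which is the behaviour this commit introduces. Add one case with a 3-character password expecting the same alert and one with a 4-character password expecting a successful registration. The asserted text hard-codes `4`, tying the test to the configuration default; a comment such as `// 4 = default of minimumPasswordLength` would make that dependency explicit. The test method starts above this hunk.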