enforce user password validation when created in the admin view (#1937)

2025-10-17 10:00:27 +02:00
parent 8871ae894f
commit 7e825192d0
4 changed files with 10 additions and 5 deletions
--- a/commafeed-server/src/main/java/com/commafeed/frontend/model/request/AdminSaveUserRequest.java
+++ b/commafeed-server/src/main/java/com/commafeed/frontend/model/request/AdminSaveUserRequest.java
@@ -4,6 +4,8 @@ import java.io.Serializable;
 import org.eclipse.microprofile.openapi.annotations.media.Schema;
 import com.commafeed.security.password.ValidPassword;
 import lombok.Data;
@SuppressWarnings("serial")
@@ -21,6 +23,7 @@ public class AdminSaveUserRequest implements Serializable {
 	private String email;
 	@Schema(description = "user password")
 	@ValidPassword
 	private String password;
 	@Schema(description = "account status", required = true)
--- a/commafeed-server/src/main/java/com/commafeed/frontend/model/request/RegistrationRequest.java
+++ b/commafeed-server/src/main/java/com/commafeed/frontend/model/request/RegistrationRequest.java
@@ -22,7 +22,7 @@ public class RegistrationRequest implements Serializable {
 	@Size(min = 3, max = 32)
 	private String name;
-	@Schema(description = "password, minimum 6 characters", required = true)
+	@Schema(description = "password", required = true)
 	@NotEmpty
 	@ValidPassword
 	private String password;
--- a/commafeed-server/src/main/java/com/commafeed/frontend/resource/AdminREST.java
+++ b/commafeed-server/src/main/java/com/commafeed/frontend/resource/AdminREST.java
@@ -9,6 +9,7 @@ import java.util.Set;
 import jakarta.annotation.security.RolesAllowed;
 import jakarta.inject.Singleton;
 import jakarta.transaction.Transactional;
 import jakarta.validation.Valid;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.POST;
@@ -65,7 +66,7 @@ public class AdminREST {
 	@Operation(
 			summary = "Save or update a user",
 			description = "Save or update a user. If the id is not specified, a new user will be created")
-	public Response adminSaveUser(@Parameter(required = true) AdminSaveUserRequest req) {
+	public Response adminSaveUser(@Valid @Parameter(required = true) AdminSaveUserRequest req) {
 		Preconditions.checkNotNull(req);
 		Preconditions.checkNotNull(req.getName());
--- a/commafeed-server/src/test/java/com/commafeed/integration/rest/AdminIT.java
+++ b/commafeed-server/src/test/java/com/commafeed/integration/rest/AdminIT.java
@@ -9,8 +9,8 @@ import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import com.commafeed.backend.model.User;
 import com.commafeed.frontend.model.UserModel;
 import com.commafeed.frontend.model.request.AdminSaveUserRequest;
 import com.commafeed.frontend.model.request.IDRequest;
 import com.commafeed.integration.BaseIT;
@@ -51,10 +51,11 @@ class AdminIT extends BaseIT {
 		}
 		private long createUser() {
-			User user = new User();
+			AdminSaveUserRequest user = new AdminSaveUserRequest();
 			user.setName("test");
-			user.setPassword("test".getBytes());
+			user.setPassword("Test1234!");
 			user.setEmail("test@test.com");
 			user.setEnabled(true);
 			String response = RestAssured.given()
 					.body(user)
 					.contentType(ContentType.JSON)