Please cherry-pick:
authorRoland Häder <roland@mxchange.org>
Fri, 2 Sep 2016 15:58:18 +0000 (17:58 +0200)
committerRoland Haeder <roland@mxchange.org>
Fri, 2 Sep 2016 20:18:08 +0000 (22:18 +0200)
- added check if password has minimum strength in user controller
- introduced isWeakPassword() which does the test
- added context parameter min_user_password_score for minimum score (please alter this to your needs)
- always clear entered passwords when a JSF message is being output (something went wrong)
- added missing i18n string

Signed-off-by: Roland Häder <roland@mxchange.org>
src/java/org/mxchange/jjobs/beans/BaseJobsController.java
src/java/org/mxchange/jjobs/beans/user/JobsAdminUserWebRequestBean.java
src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java
src/java/org/mxchange/localization/bundle_de_DE.properties
src/java/org/mxchange/localization/bundle_en_US.properties
web/WEB-INF/web.xml

index b0f7a3ca7775abe1980176f99ec2458728ae8fb2..9ff18c85d9c3f2baec58b3725e0dbd844906feb6 100644 (file)
@@ -24,6 +24,7 @@ import java.util.MissingResourceException;
 import java.util.ResourceBundle;
 import javax.faces.application.FacesMessage;
 import javax.faces.context.FacesContext;
+import org.mxchange.jusercore.model.user.UserUtils;
 
 /**
  * A general controller
@@ -128,6 +129,39 @@ public abstract class BaseJobsController implements Serializable {
                return isEnabled;
        }
 
+       /**
+        * Checks if given password is to weak to be used
+        * <p>
+        * @param password Clear-text password
+        * <p>
+        * @return Whether the entered password is to weak
+        */
+       protected boolean isWeakPassword (final String password) {
+               // Log message
+               System.out.println(this.getClass().getSimpleName() + ":isWeakPassword: password=" + password + " - CALLED!");
+
+               // Is parameter set?
+               if (null == password) {
+                       // Throw NPE
+                       throw new NullPointerException("password is null"); //NOI18N
+               }
+
+               // Get score value
+               double passwordScore = UserUtils.calculatePasswordScore(password);
+
+               // Log message
+               System.out.println(this.getClass().getSimpleName() + ".isWeakPassword: passwordScore=" + passwordScore);
+
+               // Is the score within range?
+               boolean isWeak = (passwordScore <= this.getIntegerContextParameter("min_user_password_score")); //NOI18N
+
+               // Log message
+               System.out.println(this.getClass().getSimpleName() + ".isWeakPassword: isWeak=" + isWeak + " - EXIT!");
+
+               // Return it
+               return isWeak;
+       }
+
        /**
         * Shows a faces message for given causing exception. The message from the
         * exception is being inserted into the message.
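Review bot: The entry log line in isWeakPassword() writes the clear-text password to standard output (`":isWeakPassword: password=" + password + " - CALLED!"`), so every password that is checked ends up in the application server's log, where it outlives the request and is readable by anyone with log access. Drop the value from the message, e.g. `System.out.println(this.getClass().getSimpleName() + ".isWeakPassword: CALLED!");`. Separately, the comparison uses `<=`, so a password scoring exactly `min_user_password_score` is rejected even though the parameter is described as the minimum score; either use `<` or state in the Javadoc that the threshold is exclusive.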
index 5da800a5b25b72c8bea7379069a1973e5b02fb56..c2a20d9e802fe166cbf708f1d6c298004efb6ef7 100644 (file)
@@ -280,6 +280,12 @@ public class JobsAdminUserWebRequestBean extends BaseJobsController implements J
                } else if ((this.beanHelper.getContact() == null) && (this.contactController.isEmailAddressRegistered(user.getUserContact()))) {
                        // Email address is already used
                        this.showFacesMessage("admin_add_user:emailAddress", "ERROR_EMAIL_ADDRESS_ALREADY_USED"); //NOI18N
+
+                       // Always clear password
+                       this.setUserPassword(null);
+                       this.setUserPasswordRepeat(null);
+
+                       // Skip it
                        return ""; //NOI18N
                } else if ((this.getUserPassword() == null && (this.getUserPasswordRepeat() == null)) || ((this.getUserPassword().isEmpty()) && (this.getUserPasswordRepeat().isEmpty()))) {
                        // Empty password entered, then generate one
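Review bot: No branch visible in this hunk calls isWeakPassword() on a password typed in by the administrator, so the strength rule added in BaseJobsController appears to apply only to a user's own password change. The method starts and ends outside the hunk; if the rest of it does not already do this, add a branch after the empty-password case along the lines of `} else if (this.isWeakPassword(this.getUserPassword())) {` that shows the error and clears both password fields. The clearing added here also covers only the e-mail-already-used branch, so any other branch that shows a faces message should get the same two setter calls unless it already has them.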
index 9cc1287194386b6bfbb0a2d86c1e2461daf62170..563319ffca7b89aeb457d31bb2610cd5a302fab4 100644 (file)
@@ -157,6 +157,16 @@ public class JobsUserPasswordWebRequestBean extends BaseJobsController implement
 
                        // No redirect
                        return ""; //NOI18N
+               } else if (this.isWeakPassword(this.getUserPassword())) {
+                       // Password is to weak
+                       this.showFacesMessage("form_user_change_password:userPassword", "ERROR_USER_PASSWORD_TO_WEAK"); //NOI18N
+
+                       // Clear bean
+                       this.userLoginController.setUserCurrentPassword(null);
+                       this.clear();
+
+                       // Skip it
+                       return ""; //NOI18N
                }
 
                // Get user instance
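Review bot: isWeakPassword() throws a NullPointerException for a null argument, and this branch passes `this.getUserPassword()` to it unchecked, so it relies on an earlier branch of the if/else chain (above the hunk) having already rejected a null password. If that is not guaranteed, guard the call, e.g. `} else if ((this.getUserPassword() == null) || (this.isWeakPassword(this.getUserPassword()))) {`. If it is guaranteed, a short comment on this branch stating that the password is known to be non-null at this point would make the dependency explicit.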
index 31358ddfae14ed284e4357956ae9835625985781..6c3c745840dd9506473f10e9cba191a4c6f51dcd 100644 (file)
@@ -793,3 +793,4 @@ USER_ENTER_NEW_PASSWORD=Neues Passwort:
 USER_ENTER_NEW_PASSWORD_REPEAT=Wiederholen:
 BUTTON_USER_CHANGE_PASSWORD=Passwort \u00e4ndern
 ADMIN_LINK_SHOW_CONTACT_DATA=Kontaktdaten anzeigen
+ERROR_USER_PASSWORD_TO_WEAK=Das eingegebene Passwort ist zu schwach. Bitte geben Sie Bustaben, Zahlen und Sonderzeichen ein, um ein sicheres Passwort zu erstellen.
index 92c5414f96088e59969da09df0ea6ac673ed2dbd..c7a06137870a8f560899bbc39ad2272ec1f49345 100644 (file)
@@ -794,3 +794,4 @@ USER_ENTER_NEW_PASSWORD=New password:
 USER_ENTER_NEW_PASSWORD_REPEAT=Repeat:
 BUTTON_USER_CHANGE_PASSWORD=Change password
 ADMIN_LINK_SHOW_CONTACT_DATA=Show contact data
+ERROR_USER_PASSWORD_TO_WEAK=Your entered password is to weak. Please enter letters, numbers and special characters to create a secure password.
index fd961717835d898bedbb3cd46f2f117f950229f7..06905fb64e683c959a65e2720586b30f3c9b8517 100644 (file)
         <param-name>is_feature_user_must_change_email_address_enabled</param-name>
         <param-value>true</param-value>
     </context-param>
+    <context-param>
+        <description>Minimum password score (default 50 may be to low)</description>
+        <param-name>min_user_password_score</param-name>
+        <param-value>50</param-value>
+    </context-param>
     <servlet>
         <servlet-name>Faces Servlet</servlet-name>
         <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>