From: Roland Häder Date: Fri, 2 Sep 2016 15:58:18 +0000 (+0200) Subject: Please cherry-pick: X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=260c62ac1eb58c62f71b4186e9b32e2d13ecf0b4;p=jjobs-war.git Please cherry-pick: - added check if password has minimum strength in user controller - introduced isWeakPassword() which does the test - added context parameter min_user_password_score for minimum score (please alter this to your needs) - always clear entered passwords when a JSF message is being output (something went wrong) - added missing i18n string Signed-off-by: Roland Häder
---
diff --git a/src/java/org/mxchange/jjobs/beans/BaseJobsController.java b/src/java/org/mxchange/jjobs/beans/BaseJobsController.java
index b0f7a3ca..9ff18c85 100644
--- a/src/java/org/mxchange/jjobs/beans/BaseJobsController.java
+++ b/src/java/org/mxchange/jjobs/beans/BaseJobsController.java
@@ -24,6 +24,7 @@ import java.util.MissingResourceException;
 import java.util.ResourceBundle;
 import javax.faces.application.FacesMessage;
 import javax.faces.context.FacesContext;
+import org.mxchange.jusercore.model.user.UserUtils;
 /**
 * A general controller
@@ -128,6 +129,39 @@ public abstract class BaseJobsController implements Serializable {
 return isEnabled;
 }
+ /**
+ * Checks if given password is to weak to be used
+ *

+ * @param password Clear-text password
+ *

+ * @return Whether the entered password is to weak
+ */
+ protected boolean isWeakPassword (final String password) {
+ // Log message
+ System.out.println(this.getClass().getSimpleName() + ":isWeakPassword: password=" + password + " - CALLED!");
+
+ // Is parameter set?
+ if (null == password) {
+ // Throw NPE
+ throw new NullPointerException("password is null"); //NOI18N
+ }
+
+ // Get score value
+ double passwordScore = UserUtils.calculatePasswordScore(password);
+
+ // Log message
+ System.out.println(this.getClass().getSimpleName() + ".isWeakPassword: passwordScore=" + passwordScore);
+
+ // Is the score within range?
+ boolean isWeak = (passwordScore <= this.getIntegerContextParameter("min_user_password_score")); //NOI18N
+
+ // Log message
+ System.out.println(this.getClass().getSimpleName() + ".isWeakPassword: isWeak=" + isWeak + " - EXIT!");
+
+ // Return it
+ return isWeak;
+ }
+
 /**
 * Shows a faces message for given causing exception. The message from the
 * exception is being inserted into the message.
diff --git a/src/java/org/mxchange/jjobs/beans/user/JobsAdminUserWebRequestBean.java b/src/java/org/mxchange/jjobs/beans/user/JobsAdminUserWebRequestBean.java
index 5da800a5..c2a20d9e 100644
--- a/src/java/org/mxchange/jjobs/beans/user/JobsAdminUserWebRequestBean.java
+++ b/src/java/org/mxchange/jjobs/beans/user/JobsAdminUserWebRequestBean.java
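Review bot: The first `System.out.println` in `isWeakPassword` writes the clear-text password to the server's standard output, so every candidate password handed to the check, including those from the new call in `JobsUserPasswordWebRequestBean`, lands in log files that operators and log collectors can read. The entry trace should not carry the value at all: `System.out.println(this.getClass().getSimpleName() + ".isWeakPassword: CALLED!");`. Because that trace runs before the null check, the password is written even on the path that then throws. The two later traces print only the score and the boolean result, which is far less sensitive, but they are still emitted unconditionally on every call.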
@@ -280,6 +280,12 @@ public class JobsAdminUserWebRequestBean extends BaseJobsController implements J
 } else if ((this.beanHelper.getContact() == null) && (this.contactController.isEmailAddressRegistered(user.getUserContact()))) {
 // Email address is already used
 this.showFacesMessage("admin_add_user:emailAddress", "ERROR_EMAIL_ADDRESS_ALREADY_USED"); //NOI18N
+
+ // Always clear password
+ this.setUserPassword(null);
+ this.setUserPasswordRepeat(null);
+
+ // Skip it
 return ""; //NOI18N
 } else if ((this.getUserPassword() == null && (this.getUserPasswordRepeat() == null)) || ((this.getUserPassword().isEmpty()) && (this.getUserPasswordRepeat().isEmpty()))) {
 // Empty password entered, then generate one
diff --git a/src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java b/src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java
index 9cc12871..563319ff 100644
--- a/src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java
+++ b/src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java
@@ -157,6 +157,16 @@ public class JobsUserPasswordWebRequestBean extends BaseJobsController implement
 // No redirect
 return ""; //NOI18N
+ } else if (this.isWeakPassword(this.getUserPassword())) {
+ // Password is to weak
+ this.showFacesMessage("form_user_change_password:userPassword", "ERROR_USER_PASSWORD_TO_WEAK"); //NOI18N
+
+ // Clear bean
+ this.userLoginController.setUserCurrentPassword(null);
+ this.clear();
+
+ // Skip it
+ return ""; //NOI18N
 }
 // Get user instance
diff --git a/src/java/org/mxchange/localization/bundle_de_DE.properties b/src/java/org/mxchange/localization/bundle_de_DE.properties
index 31358ddf..6c3c7458 100644
--- a/src/java/org/mxchange/localization/bundle_de_DE.properties
+++ b/src/java/org/mxchange/localization/bundle_de_DE.properties
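Review bot: Nothing in this hunk runs `isWeakPassword()` on the password an administrator types into the add-user form, so unless a check exists elsewhere in the method (which begins and ends outside the hunk) an admin can still assign a password that fails `min_user_password_score`. If the policy is meant to cover admin-created accounts, a branch after the empty-password case such as `} else if (this.isWeakPassword(this.getUserPassword())) {` with the same message-and-clear handling would close that gap. The added clearing is visible only on the e-mail-already-used branch; whether the other error branches of this chain also reset both password fields, as the commit message intends, cannot be confirmed from here.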
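Review bot: `isWeakPassword()` throws a NullPointerException on a null argument, and the new branch passes `this.getUserPassword()` to it without a guard. The earlier branches of this chain are outside the hunk, so it is not visible whether a null new password has already been rejected with a faces message by this point; if it has not, the user gets an unhandled exception instead of a validation error. Treating null as weak keeps the failure on the normal error path: `} else if (this.getUserPassword() == null || this.isWeakPassword(this.getUserPassword())) {`.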
@@ -793,3 +793,4 @@ USER_ENTER_NEW_PASSWORD=Neues Passwort:
 USER_ENTER_NEW_PASSWORD_REPEAT=Wiederholen:
 BUTTON_USER_CHANGE_PASSWORD=Passwort \u00e4ndern
 ADMIN_LINK_SHOW_CONTACT_DATA=Kontaktdaten anzeigen
+ERROR_USER_PASSWORD_TO_WEAK=Das eingegebene Passwort ist zu schwach. Bitte geben Sie Bustaben, Zahlen und Sonderzeichen ein, um ein sicheres Passwort zu erstellen.
diff --git a/src/java/org/mxchange/localization/bundle_en_US.properties b/src/java/org/mxchange/localization/bundle_en_US.properties
index 92c5414f..c7a06137 100644
--- a/src/java/org/mxchange/localization/bundle_en_US.properties
+++ b/src/java/org/mxchange/localization/bundle_en_US.properties
@@ -794,3 +794,4 @@ USER_ENTER_NEW_PASSWORD=New password:
 USER_ENTER_NEW_PASSWORD_REPEAT=Repeat:
 BUTTON_USER_CHANGE_PASSWORD=Change password
 ADMIN_LINK_SHOW_CONTACT_DATA=Show contact data
+ERROR_USER_PASSWORD_TO_WEAK=Your entered password is to weak. Please enter letters, numbers and special characters to create a secure password.
diff --git a/web/WEB-INF/web.xml b/web/WEB-INF/web.xml
index fd961717..06905fb6 100644
--- a/web/WEB-INF/web.xml
+++ b/web/WEB-INF/web.xml
@@ -127,6 +127,11 @@ is_feature_user_must_change_email_address_enabled true + + Minimum password score (default 50 may be to low) + min_user_password_score + 50 + Faces Servlet javax.faces.webapp.FacesServlet
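Review bot: The description of `min_user_password_score` in the web.xml hunk does not tell an operator that the boundary is exclusive: `isWeakPassword()` compares with `<=`, so a password scoring exactly 50 is rejected even though the parameter is named a minimum. Either the description should say so, for example `Passwords must score above this value; a score equal to it is rejected`, or the comparison in `isWeakPassword()` should become `<`. The scale returned by `UserUtils.calculatePasswordScore()` is not visible in this commit, so stating the expected range in the description would also help anyone tuning the value.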