Update forgotpwd with pattern checks

muralibasani · muralibasani · commit 5c5c9f0f3ac6 · 2025-03-20T10:58:37.000+01:00
diff --git a/core/src/main/java/io/aiven/klaw/controller/UsersTeamsController.java b/core/src/main/java/io/aiven/klaw/controller/UsersTeamsController.java
@@ -1,5 +1,7 @@
 package io.aiven.klaw.controller;
 
+import static io.aiven.klaw.helpers.KwConstants.PASSWORD_REGEX;
+
 import io.aiven.klaw.error.KlawException;
 import io.aiven.klaw.error.KlawNotAuthorizedException;
 import io.aiven.klaw.model.ApiResponse;
@@ -16,6 +18,7 @@
 import io.aiven.klaw.service.UsersTeamsControllerService;
 import io.aiven.klaw.validation.PermissionAllowed;
 import jakarta.validation.Valid;
+import jakarta.validation.constraints.Pattern;
 import java.util.List;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
@@ -276,7 +279,7 @@ public ResponseEntity<ResetPasswordInfo> resetToken(@RequestParam("username") St
       produces = {MediaType.APPLICATION_JSON_VALUE})
   public ResponseEntity<ResetPasswordInfo> resetPasswordWithToken(
       @RequestParam("token") String token,
-      @RequestParam("password") String password,
+      @Pattern(regexp = PASSWORD_REGEX) @RequestParam("password") String password,
       @RequestParam("username") String username)
       throws KlawNotAuthorizedException {
     return new ResponseEntity<>(
diff --git a/core/src/main/resources/static/js/forgotPassword.js b/core/src/main/resources/static/js/forgotPassword.js
@@ -120,7 +120,15 @@ app.controller("forgotPwdCtrl", function($scope, $http, $location, $window) {
                                 }).error(
                                     function(error)
                                     {
-                                        $scope.alert = 'Unable to update your password. Please check your token has not expired and your user name is spelt correctly.'
+                                        if(error != null && error.detail != null && error.detail.includes("Validation failure")){
+                                            $scope.alert = error.detail + ": Password must be at least 8 characters long and include at least one uppercase letter, one lowercase letter, one number, and one special character.";
+                                            $scope.alertnote = $scope.alert;
+                                            $scope.showAlertToast();
+                                        } else {
+                                            $scope.alert = 'Unable to update your password. Please check your token has not expired and your user name is spelt correctly.'
+                                            $scope.alertnote = error;
+                                            $scope.showAlertToast();
+                                        }
                                     }
                                 );
                         }
diff --git a/core/src/test/java/io/aiven/klaw/controller/UserTeamsControllerTest.java b/core/src/test/java/io/aiven/klaw/controller/UserTeamsControllerTest.java
@@ -0,0 +1,66 @@
+package io.aiven.klaw.controller;
+
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.when;
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import io.aiven.klaw.model.response.ResetPasswordInfo;
+import io.aiven.klaw.service.UsersTeamsControllerService;
+import java.nio.charset.StandardCharsets;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Order;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.http.MediaType;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.util.ReflectionTestUtils;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+
+@ExtendWith(SpringExtension.class)
+@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
+public class UserTeamsControllerTest {
+
+  @MockBean private UsersTeamsControllerService usersTeamsControllerService;
+
+  private MockMvc mvc;
+
+  @BeforeEach
+  public void setUp() {
+    UsersTeamsController usersTeamsController = new UsersTeamsController();
+    mvc = MockMvcBuilders.standaloneSetup(usersTeamsController).dispatchOptions(true).build();
+    ReflectionTestUtils.setField(
+        usersTeamsController, "usersTeamsControllerService", usersTeamsControllerService);
+  }
+
+  @ParameterizedTest
+  @Order(1)
+  @CsvSource({
+          "'invalidpwd', 400", // Invalid password -> Expect 4xx Client Error
+          "'Invalidpwd321@', 200" // Valid password -> Expect 200 OK
+  })
+  public void resetPasswordWithTokenTest(String password, int expectedStatus) throws Exception {
+    ResetPasswordInfo passwordReset = new ResetPasswordInfo();
+    when(usersTeamsControllerService.resetPassword(anyString(), anyString(), anyString()))
+            .thenReturn(passwordReset);
+
+    mvc.perform(
+                    MockMvcRequestBuilders.post("/reset/password")
+                            .param("token", "token")
+                            .param("password", password)
+                            .param("username", "username")
+                            .contentType(MediaType.APPLICATION_JSON)
+                            .characterEncoding(StandardCharsets.UTF_8)
+                            .accept(MediaType.APPLICATION_JSON))
+            .andDo(print())
+            .andExpect(status().is(expectedStatus));
+  }
+
+}
diff --git a/core/src/test/java/io/aiven/klaw/service/UsersTeamsControllerServiceTest.java b/core/src/test/java/io/aiven/klaw/service/UsersTeamsControllerServiceTest.java
@@ -207,7 +207,7 @@ public void updateUserNotAuthorizedToUpdateSuperAdmin() throws KlawException {
 
   @Test
   public void resetPassword_withSuccess() throws KlawException, KlawNotAuthorizedException {
-    String newPW = "newPW";
+    String newPW = "newPW321@";
     String resetToken = UUID.randomUUID().toString();
     when(handleDbRequests.getUsersInfo(eq(OCTOPUS))).thenReturn(generateUser(OCTOPUS));
     when(manageDatabase.getTeamNameFromTeamId(eq(101), eq(10))).thenReturn("Octo");
diff --git a/openapi.yaml b/openapi.yaml
@@ -767,7 +767,8 @@
           "in" : "query",
           "required" : true,
           "schema" : {
-            "type" : "string"
+            "type" : "string",
+            "pattern" : "(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[\\W_]).{8,}"
           }
         }, {
           "name" : "username",

Original file line number	Diff line number	Diff line change
`@@ -120,7 +120,15 @@ app.controller("forgotPwdCtrl", function($scope, $http, $location, $window) {`
`120`	`120`	`}).error(`
`121`	`121`	`function(error)`
`122`	`122`	`{`
`123`		`- $scope.alert = 'Unable to update your password. Please check your token has not expired and your user name is spelt correctly.'`
	`123`	`+ if(error != null && error.detail != null && error.detail.includes("Validation failure")){`
	`124`	`+ $scope.alert = error.detail + ": Password must be at least 8 characters long and include at least one uppercase letter, one lowercase letter, one number, and one special character.";`
	`125`	`+ $scope.alertnote = $scope.alert;`
	`126`	`+ $scope.showAlertToast();`
	`127`	`+ } else {`
	`128`	`+ $scope.alert = 'Unable to update your password. Please check your token has not expired and your user name is spelt correctly.'`
	`129`	`+ $scope.alertnote = error;`
	`130`	`+ $scope.showAlertToast();`
	`131`	`+ }`
`124`	`132`	`}`
`125`	`133`	`);`
`126`	`134`	`}`