Updating password rules #2842
Updating password rules #2842
Conversation
muralibasani
force-pushed
the
pwd-policy
branch
from
5185f83 to
e1854b7
Compare
coral/src/app/features/user-information/change-password/changePasswordFormSchema.ts
Show resolved
Hide resolved
core/src/main/java/io/aiven/klaw/model/requests/ChangePasswordRequestModel.java
Outdated
Show resolved
Hide resolved
core/src/test/java/io/aiven/klaw/service/UsersTeamsControllerServiceTest.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Muralidhar Basani <[email protected]>
muralibasani
force-pushed
the
pwd-policy
branch
from
e1854b7 to
5ff877a
Compare
Signed-off-by: Muralidhar Basani <[email protected]>
| @@ -8,7 +8,7 @@ services: | |||
| SPRING_DATASOURCE_URL: "jdbc:h2:file:/klaw/klawprodb;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;MODE=MySQL;CASE_INSENSITIVE_IDENTIFIERS=TRUE;" | |||
| KLAW_UIAPI_SERVERS: "http://klaw-core:9097" | |||
| KLAW_CLUSTERAPI_URL: "http://klaw-cluster-api:9343" | |||
| KLAW_SUPERADMIN_DEFAULT_PASSWORD: 'welcometoklaw' | |||
| KLAW_SUPERADMIN_DEFAULT_PASSWORD: 'WelcomeToKlaw321@' | |||
There was a problem hiding this comment.
We will need to make an update to klaw docs to let folks know we have updated this.
There was a problem hiding this comment.
Just so we can merge one and then immediately merge the other
| violations.forEach( | ||
| vio -> | ||
| assertThat(vio.getMessage()) | ||
| .contains("Password must be at least 8 characters long and include at least")); |
There was a problem hiding this comment.
Should just check this and line 909 against the constant PASSWORD_REGEX_VALIDATION_STR
| @@ -889,6 +897,31 @@ public void changePwd() throws KlawException { | |||
| changePwdEncodedParams(updatePwdUserDetails, changePwdRequestModel); | |||
| } | |||
|
|
|||
| @Test | |||
There was a problem hiding this comment.
You could also @ParamterizedTest this and add a CSVSource with "password,violationsCount" and fire in a number of passwords, it should simplify the test and show xactly what passwords are and are not allowed.
| violations.forEach( | ||
| vio -> | ||
| assertThat(vio.getMessage()) | ||
| .contains("Password must be at least 8 characters long and include at least")); |
There was a problem hiding this comment.
Can check against the constant here as well.
| @NotNull | ||
| @Pattern(regexp = PASSWORD_REGEX, message = PASSWORD_REGEX_VALIDATION_STR) |
There was a problem hiding this comment.
It might be worth splitting the @pattern into 3 or 4 things to give concise feedback about the issue with the password wdyt?
e.g.
@pattern(regex = "(?=.[a-z])" message = "must contain at least 1 lower case letter")
@pattern(regex = "(?=.[A-Z])" message = "must contain at least 1 upper case letter")
@pattern(regex = "(?=.[0-9])" message = "must contain at least 1 number")
@pattern(regex = "(?=.["!@#$%&*()'+,-./:;<=>?[]^_`{|}"])" message = "must contain at least 1 special character")
@SiZe(min = 8)
Note have not tested above regex
There was a problem hiding this comment.
We have the same pattern check in front end.
This pattern is invoked only when someone is invoking BE apis manually, and we have not enabled them yet.
| @@ -336,7 +342,7 @@ app.controller("manageUsersCtrl", function($scope, $http, $location, $window) { | |||
|
|
|||
| if(!$scope.addNewUser.pwd) | |||
| { | |||
| $scope.alertnote = "Please enter a password."; | |||
| $scope.alertnote = "Please enter a suggested password."; | |||
There was a problem hiding this comment.
i dont think you need to add suggested here, as they should be entering their password?
| @@ -389,7 +389,7 @@ app.controller("registerUsersCtrl", function($scope, $http, $location, $window) | |||
|
|
|||
| if(!$scope.registerUser.pwd) | |||
| { | |||
| $scope.alertnote = "Please enter a password."; | |||
| $scope.alertnote = "Please enter a suggested password."; | |||
There was a problem hiding this comment.
same I dont think you need to change it to suggested here
Signed-off-by: Muralidhar Basani <[email protected]>
|
@aindriu-aiven can you take a look again ? |
There was a problem hiding this comment.
Tested changing password through old and new UI and tested creating a new user, having admin reset password as well.
The one area I fond that wasnt covered by the improved password policy was the password reset page.
Here any password can be added without validation.
UserTeamsControllerService and i think forgotPassword.js need to be updated
@muralibasani you can just make the change on the API to check it, the error should be propagated back to the UI. |
Right, updated and added a test. |
Linked issue
Resolves: #xxxxx
What kind of change does this PR introduce?
What is the current behavior?
Describe the state of the application before this PR. Illustrations appreciated (videos, gifs, screenshots).
What is the new behavior?
Describe the state of the application after this PR. Illustrations appreciated (videos, gifs, screenshots).
Other information
Additional changes, explanations of the approach taken, unresolved issues, necessary follow ups, etc.
Requirements (all must be checked before review)
mainbranch have been pulledpnpm linthas been run successfully