Cleanup password verification code

src/main/java/net/frozenorb/apiv3/route/emailTokens/POSTEmailTokensIdConfirm.java

@@ -9,6 +9,7 @@ import net.frozenorb.apiv3.auditLog.AuditLog;
 import net.frozenorb.apiv3.auditLog.AuditLogActionType;
 import net.frozenorb.apiv3.model.User;
 import net.frozenorb.apiv3.util.ErrorUtils;
+import net.frozenorb.apiv3.util.PasswordUtils;
 import net.frozenorb.apiv3.util.SyncUtils;
 
 import java.util.concurrent.TimeUnit;
@@ -43,8 +44,13 @@ public final class POSTEmailTokensIdConfirm implements Handler<RoutingContext> {
 		JsonObject requestBody = ctx.getBodyAsJson();
 		String password = requestBody.getString("password");
 
-		if (password.length() < 8) {
+		if (PasswordUtils.isTooShort(password)) {
-			ErrorUtils.respondInvalidInput(ctx, "Your password is too short.");
+			ErrorUtils.respondOther(ctx, 409, "Your password is too short.", "passwordTooShort", ImmutableMap.of());
+			return;
+		}
+
+		if (PasswordUtils.isTooSimple(password)) {
+			ErrorUtils.respondOther(ctx, 409, "Your password is too simple.", "passwordTooSimple", ImmutableMap.of());
 			return;
 		}
 

src/main/java/net/frozenorb/apiv3/route/users/POSTUsersIdChangePassword.java

@@ -11,6 +11,7 @@ import net.frozenorb.apiv3.model.User;
 import net.frozenorb.apiv3.unsorted.RequiresTotpResult;
 import net.frozenorb.apiv3.unsorted.TotpAuthorizationResult;
 import net.frozenorb.apiv3.util.ErrorUtils;
+import net.frozenorb.apiv3.util.PasswordUtils;
 import net.frozenorb.apiv3.util.SyncUtils;
 import net.frozenorb.apiv3.util.UserSessionUtils;
 
@@ -72,8 +73,13 @@ public final class POSTUsersIdChangePassword implements Handler<RoutingContext>
 
 		String newPassword = requestBody.getString("newPassword");
 
-		if (newPassword.length() < 8) {
+		if (PasswordUtils.isTooShort(newPassword)) {
-			ErrorUtils.respondInvalidInput(ctx, "Password is too short.");
+			ErrorUtils.respondOther(ctx, 409, "Your password is too short.", "passwordTooShort", ImmutableMap.of());
+			return;
+		}
+
+		if (PasswordUtils.isTooSimple(newPassword)) {
+			ErrorUtils.respondOther(ctx, 409, "Your password is too simple.", "passwordTooSimple", ImmutableMap.of());
 			return;
 		}
 

src/main/java/net/frozenorb/apiv3/util/PasswordUtils.java

@@ -0,0 +1,27 @@
+package net.frozenorb.apiv3.util;
+
+import com.google.common.collect.ImmutableList;
+import lombok.experimental.UtilityClass;
+
+import java.util.List;
+
+@UtilityClass
+public class PasswordUtils {
+
+	private final List<String> commonPasswords = ImmutableList.copyOf(("123456 password 12345678 qwerty 123456789 12345 1234 111111 1234567 dragon " +
+			"123123 baseball abc123 football monkey letmein 696969 shadow master 666666 qwertyuiop 123321 mustang 1234567890 " +
+			"michael 654321 pussy superman 1qaz2wsx 7777777 fuckyou 121212 000000 qazwsx 123qwe killer trustno1 jordan jennifer " +
+			"zxcvbnm asdfgh hunter buster soccer harley batman andrew tigger sunshine iloveyou fuckme 2000 charlie robert thomas " +
+			"hockey ranger daniel starwars klaster 112233 george asshole computer michelle jessica pepper 1111 zxcvbn 555555 11111111" +
+			" 131313 freedom 777777 pass fuck maggie 159753 aaaaaa ginger princess joshua cheese amanda summer love ashley 6969 " +
+			"nicole chelsea biteme matthew access yankees 987654321 dallas austin thunder taylor matrix").split(" "));
+
+	public static boolean isTooShort(String password) {
+		return password.length() < 8;
+	}
+
+	public static boolean isTooSimple(String password) {
+		return commonPasswords.contains(password);
+	}
+
+}