The-pack-family/APIv3
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleanup password verification code

Browse Source
This commit is contained in:
Colin McDonald 2016-07-25 17:14:27 -04:00
parent 3ab317da1f
commit e827a30131
3 changed files with 43 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/main/java/net/frozenorb/apiv3/route/emailTokens/POSTEmailTokensIdConfirm.java
View File

@ -9,6 +9,7 @@ import net.frozenorb.apiv3.auditLog.AuditLog;
import net.frozenorb.apiv3.auditLog.AuditLogActionType;
import net.frozenorb.apiv3.model.User;
import net.frozenorb.apiv3.util.ErrorUtils;
import net.frozenorb.apiv3.util.PasswordUtils;
import net.frozenorb.apiv3.util.SyncUtils;
import java.util.concurrent.TimeUnit;
@ -43,8 +44,13 @@ public final class POSTEmailTokensIdConfirm implements Handler<RoutingContext> {
JsonObject requestBody = ctx.getBodyAsJson();
String password = requestBody.getString("password");
if (password.length() < 8) {
ErrorUtils.respondInvalidInput(ctx, "Your password is too short.");
if (PasswordUtils.isTooShort(password)) {
ErrorUtils.respondOther(ctx, 409, "Your password is too short.", "passwordTooShort", ImmutableMap.of());
return;
}
if (PasswordUtils.isTooSimple(password)) {
ErrorUtils.respondOther(ctx, 409, "Your password is too simple.", "passwordTooSimple", ImmutableMap.of());
return;
}

10
src/main/java/net/frozenorb/apiv3/route/users/POSTUsersIdChangePassword.java
View File

@ -11,6 +11,7 @@ import net.frozenorb.apiv3.model.User;
import net.frozenorb.apiv3.unsorted.RequiresTotpResult;
import net.frozenorb.apiv3.unsorted.TotpAuthorizationResult;
import net.frozenorb.apiv3.util.ErrorUtils;
import net.frozenorb.apiv3.util.PasswordUtils;
import net.frozenorb.apiv3.util.SyncUtils;
import net.frozenorb.apiv3.util.UserSessionUtils;
@ -72,8 +73,13 @@ public final class POSTUsersIdChangePassword implements Handler<RoutingContext>
String newPassword = requestBody.getString("newPassword");
if (newPassword.length() < 8) {
ErrorUtils.respondInvalidInput(ctx, "Password is too short.");
if (PasswordUtils.isTooShort(newPassword)) {
ErrorUtils.respondOther(ctx, 409, "Your password is too short.", "passwordTooShort", ImmutableMap.of());
return;
}
if (PasswordUtils.isTooSimple(newPassword)) {
ErrorUtils.respondOther(ctx, 409, "Your password is too simple.", "passwordTooSimple", ImmutableMap.of());
return;
}

27
src/main/java/net/frozenorb/apiv3/util/PasswordUtils.java Normal file
View File

@ -0,0 +1,27 @@
package net.frozenorb.apiv3.util;
import com.google.common.collect.ImmutableList;
import lombok.experimental.UtilityClass;
import java.util.List;
@UtilityClass
public class PasswordUtils {
private final List<String> commonPasswords = ImmutableList.copyOf(("123456 password 12345678 qwerty 123456789 12345 1234 111111 1234567 dragon " +
"123123 baseball abc123 football monkey letmein 696969 shadow master 666666 qwertyuiop 123321 mustang 1234567890 " +
"michael 654321 pussy superman 1qaz2wsx 7777777 fuckyou 121212 000000 qazwsx 123qwe killer trustno1 jordan jennifer " +
"zxcvbnm asdfgh hunter buster soccer harley batman andrew tigger sunshine iloveyou fuckme 2000 charlie robert thomas " +
"hockey ranger daniel starwars klaster 112233 george asshole computer michelle jessica pepper 1111 zxcvbn 555555 11111111" +
" 131313 freedom 777777 pass fuck maggie 159753 aaaaaa ginger princess joshua cheese amanda summer love ashley 6969 " +
"nicole chelsea biteme matthew access yankees 987654321 dallas austin thunder taylor matrix").split(" "));
public static boolean isTooShort(String password) {
return password.length() < 8;
}
public static boolean isTooSimple(String password) {
return commonPasswords.contains(password);
}
}