Add validation on route ChangePasswordCitizenRequest

2021-04-08 17:55:05 +02:00
parent eb399392c9
commit 9d3eeeb04b
7 changed files with 23 additions and 9 deletions
--- a/src/main/kotlin/fr/dcproject/common/validation/Password.kt
+++ b/src/main/kotlin/fr/dcproject/common/validation/Password.kt
@@ -10,7 +10,7 @@ fun ValidationBuilder<String>.passwordScore(minScore: Int) =
 fun String.passwordScore(): Int {
    var score: Int = length
    val alphaNum = ('a'..'z').toList() + ('A'..'Z').toList() + ('0'..'9').toList()
-    val specialCount = (length - toList().intersect(alphaNum).size)
+    val specialCount = length - toList().intersect(alphaNum).size
    score += specialCount.let { if (it > 3) 3 else it }

    val hasAlphaLower = toList().intersect(('a'..'z').toList()).size.let { if (it > 2) 2 else it }
--- a/src/main/kotlin/fr/dcproject/component/citizen/routes/ChangeMyPassword.kt
+++ b/src/main/kotlin/fr/dcproject/component/citizen/routes/ChangeMyPassword.kt
@@ -1,7 +1,9 @@
 package fr.dcproject.component.citizen.routes

+import fr.dcproject.application.http.badRequestIfNotValid
 import fr.dcproject.common.security.assert
 import fr.dcproject.common.utils.receiveOrBadRequest
+import fr.dcproject.common.validation.passwordScore
 import fr.dcproject.component.auth.citizen
 import fr.dcproject.component.auth.citizenOrNull
 import fr.dcproject.component.auth.database.UserRepository
@@ -9,6 +11,7 @@ import fr.dcproject.component.auth.database.UserWithPassword
 import fr.dcproject.component.auth.mustBeAuth
 import fr.dcproject.component.citizen.CitizenAccessControl
 import fr.dcproject.component.citizen.database.CitizenRef
+import io.konform.validation.Validation
 import io.ktor.application.call
 import io.ktor.auth.UserPasswordCredential
 import io.ktor.features.BadRequestException
@@ -25,14 +28,21 @@ object ChangeMyPassword {
    @Location("/citizens/{citizen}/password/change")
    class ChangePasswordCitizenRequest(citizen: UUID) {
        val citizen = CitizenRef(citizen)
-        data class Input(val oldPassword: String, val newPassword: String)
+        data class Input(val oldPassword: String, val newPassword: String) {
+            fun validate() = Validation<Input> {
+                Input::newPassword {
+                    passwordScore(15)
+                }
+            }.validate(this)
+        }
    }

    fun Route.changeMyPassword(ac: CitizenAccessControl, userRepository: UserRepository) {
        put<ChangePasswordCitizenRequest> {
            mustBeAuth()
-            ac.assert { canChangePassword(it.citizen, citizenOrNull) }
            val content = call.receiveOrBadRequest<ChangePasswordCitizenRequest.Input>()
+                .apply { validate().badRequestIfNotValid() }
+            ac.assert { canChangePassword(it.citizen, citizenOrNull) }
            userRepository.findByCredentials(UserPasswordCredential(citizen.user.username, content.oldPassword)) ?: throw BadRequestException("Bad Password")
            userRepository.changePassword(
                UserWithPassword(