DC/dc-project
1
1
Fork 0
Code Issues 25 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Add validation on route ChangePasswordCitizenRequest

Browse Source
This commit is contained in:
Fabrice Lecomte
2021-04-08 17:55:05 +02:00
parent eb399392c9
commit 9d3eeeb04b
7 changed files with 23 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/kotlin/fr/dcproject/common/validation/Password.kt
View File

@@ -10,7 +10,7 @@ fun ValidationBuilder<String>.passwordScore(minScore: Int) =
fun String.passwordScore(): Int { fun String.passwordScore(): Int {
var score: Int = length var score: Int = length
val alphaNum = ('a'..'z').toList() + ('A'..'Z').toList() + ('0'..'9').toList() val alphaNum = ('a'..'z').toList() + ('A'..'Z').toList() + ('0'..'9').toList()
val specialCount = (length - toList().intersect(alphaNum).size) val specialCount = length - toList().intersect(alphaNum).size
score += specialCount.let { if (it > 3) 3 else it } score += specialCount.let { if (it > 3) 3 else it }
val hasAlphaLower = toList().intersect(('a'..'z').toList()).size.let { if (it > 2) 2 else it } val hasAlphaLower = toList().intersect(('a'..'z').toList()).size.let { if (it > 2) 2 else it }

14
src/main/kotlin/fr/dcproject/component/citizen/routes/ChangeMyPassword.kt
View File

@@ -1,7 +1,9 @@
package fr.dcproject.component.citizen.routes package fr.dcproject.component.citizen.routes
import fr.dcproject.application.http.badRequestIfNotValid
import fr.dcproject.common.security.assert import fr.dcproject.common.security.assert
import fr.dcproject.common.utils.receiveOrBadRequest import fr.dcproject.common.utils.receiveOrBadRequest
import fr.dcproject.common.validation.passwordScore
import fr.dcproject.component.auth.citizen import fr.dcproject.component.auth.citizen
import fr.dcproject.component.auth.citizenOrNull import fr.dcproject.component.auth.citizenOrNull
import fr.dcproject.component.auth.database.UserRepository import fr.dcproject.component.auth.database.UserRepository
@@ -9,6 +11,7 @@ import fr.dcproject.component.auth.database.UserWithPassword
import fr.dcproject.component.auth.mustBeAuth import fr.dcproject.component.auth.mustBeAuth
import fr.dcproject.component.citizen.CitizenAccessControl import fr.dcproject.component.citizen.CitizenAccessControl
import fr.dcproject.component.citizen.database.CitizenRef import fr.dcproject.component.citizen.database.CitizenRef
import io.konform.validation.Validation
import io.ktor.application.call import io.ktor.application.call
import io.ktor.auth.UserPasswordCredential import io.ktor.auth.UserPasswordCredential
import io.ktor.features.BadRequestException import io.ktor.features.BadRequestException
@@ -25,14 +28,21 @@ object ChangeMyPassword {
@Location("/citizens/{citizen}/password/change") @Location("/citizens/{citizen}/password/change")
class ChangePasswordCitizenRequest(citizen: UUID) { class ChangePasswordCitizenRequest(citizen: UUID) {
val citizen = CitizenRef(citizen) val citizen = CitizenRef(citizen)
data class Input(val oldPassword: String, val newPassword: String) data class Input(val oldPassword: String, val newPassword: String) {
fun validate() = Validation<Input> {
Input::newPassword {
passwordScore(15)
}
}.validate(this)
}
} }
fun Route.changeMyPassword(ac: CitizenAccessControl, userRepository: UserRepository) { fun Route.changeMyPassword(ac: CitizenAccessControl, userRepository: UserRepository) {
put<ChangePasswordCitizenRequest> { put<ChangePasswordCitizenRequest> {
mustBeAuth() mustBeAuth()
ac.assert { canChangePassword(it.citizen, citizenOrNull) }
val content = call.receiveOrBadRequest<ChangePasswordCitizenRequest.Input>() val content = call.receiveOrBadRequest<ChangePasswordCitizenRequest.Input>()
.apply { validate().badRequestIfNotValid() }
ac.assert { canChangePassword(it.citizen, citizenOrNull) }
userRepository.findByCredentials(UserPasswordCredential(citizen.user.username, content.oldPassword)) ?: throw BadRequestException("Bad Password") userRepository.findByCredentials(UserPasswordCredential(citizen.user.username, content.oldPassword)) ?: throw BadRequestException("Bad Password")
userRepository.changePassword( userRepository.changePassword(
UserWithPassword( UserWithPassword(

4
src/main/resources/openapi.yaml
View File

@@ -484,6 +484,10 @@ paths:
description: Password changed description: Password changed
400: 400:
description: Bad request description: Bad request
content:
application/json:
schema:
$ref: '#/components/schemas/400'
401: 401:
$ref: '#/components/responses/401' $ref: '#/components/responses/401'
404: 404:

4
src/test/kotlin/integration/Citizen routes.kt
View File

@@ -69,8 +69,8 @@ class `Citizen routes` : BaseTest() {
`with body`( `with body`(
""" """
{ {
"oldPassword": "azerty", "oldPassword": "Azerty123!",
"newPassword": "qwerty" "newPassword": "Qwerty123!"
} }
""" """
) )

2
src/test/kotlin/integration/Login routes.kt
View File

@@ -27,7 +27,7 @@ class `Login routes` : BaseTest() {
""" """
{ {
"username": "niels-bohr", "username": "niels-bohr",
"password": "azerty" "password": "Azerty123!"
} }
""" """
) )

4
src/test/kotlin/integration/steps/given/Citizen.kt
View File

@@ -23,7 +23,7 @@ fun TestApplicationEngine.`Given I have citizen`(
val user = UserForCreate( val user = UserForCreate(
id = id.toUUID(), id = id.toUUID(),
username = "$firstName-$lastName".toLowerCase(), username = "$firstName-$lastName".toLowerCase(),
password = "azerty", password = "Azerty123!",
) )
val citizen = CitizenForCreate( val citizen = CitizenForCreate(
id = id.toUUID(), id = id.toUUID(),
@@ -53,7 +53,7 @@ fun createCitizen(name: CitizenI.Name? = null, id: UUID = UUID.randomUUID()): Ci
last last
), ),
email = "$first@fakeemail.com", email = "$first@fakeemail.com",
user = UserForCreate(username = username, password = "azerty") user = UserForCreate(username = username, password = "Azerty123!")
).let { ).let {
citizenRepository.insertWithUser(it) ?: error("Unable to create User") citizenRepository.insertWithUser(it) ?: error("Unable to create User")
} }

2
src/test/kotlin/integration/steps/given/Workgroup.kt
View File

@@ -65,7 +65,7 @@ private fun createWorkgroup(
.toLowerCase().replace(' ', '-') .toLowerCase().replace(' ', '-')
val user = UserForCreate( val user = UserForCreate(
username = username, username = username,
password = "azerty", password = "Azerty123!",
) )
CitizenForCreate( CitizenForCreate(
name = creatorName, name = creatorName,