This is an automated email from the ASF dual-hosted git repository.

bpatel pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.3 by this push:
     new 7fdd906  RANGER-3678: Update password validation criteria
7fdd906 is described below

commit 7fdd9060b0c15dfbcd709b34729a265fc7a0cd44
Author: Bhavik Patel <[email protected]>
AuthorDate: Thu Mar 24 10:34:34 2022 +0530

    RANGER-3678: Update password validation criteria
---
 .../main/java/org/apache/ranger/biz/XUserMgr.java   |  7 +++----
 .../java/org/apache/ranger/common/StringUtil.java   | 21 +++------------------
 .../ranger/patch/cliutil/ChangePasswordUtil.java    | 14 ++++++--------
 .../java/org/apache/ranger/biz/TestXUserMgr.java    |  2 +-
 4 files changed, 13 insertions(+), 31 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 
b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 9971889..b031e96 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -2605,11 +2605,10 @@ public class XUserMgr extends XUserMgrBase {
        protected void validatePassword(VXUser vXUser) {
                if (vXUser.getPassword() != null && 
!vXUser.getPassword().isEmpty()) {
                        boolean checkPassword = false;
-                       String pattern = "(?=.*[0-9])(?=.*[a-zA-Z]).{8,}";
-                       checkPassword = 
vXUser.getPassword().trim().matches(pattern);
+                       checkPassword = 
vXUser.getPassword().trim().matches(StringUtil.VALIDATION_CRED);
                        if (!checkPassword) {
-                               logger.warn("validatePassword(). Password 
should be minimum 8 characters with min one alphabet and one numeric.");
-                               throw 
restErrorUtil.createRESTException("serverMsg.xuserMgrValidatePassword", 
MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters 
with min one alphabet and one numeric", null);
+                               logger.warn("validatePassword(). Password 
should be minimum 8 characters, at least one uppercase letter, one lowercase 
letter and one numeric.");
+                               throw 
restErrorUtil.createRESTException("serverMsg.xuserMgrValidatePassword", 
MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters, 
at least one uppercase letter, one lowercase letter and one numeric.", null);
                        }
                } else {
                        logger.warn("validatePassword(). Password cannot be 
blank/null.");
diff --git 
a/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java 
b/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
index 8debc24..ed2e8df 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
@@ -36,7 +36,7 @@ import org.springframework.stereotype.Component;
 public class StringUtil implements Serializable {
        private static final Logger logger = 
LoggerFactory.getLogger(StringUtil.class);
 
-       static final public int MIN_PASSWORD_LENGTH = 8;
+       static final public String VALIDATION_CRED = 
"(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).{8,}";
 
        static final public String VALIDATION_NAME = 
"^([A-Za-z0-9_]|[\u00C0-\u017F])([a-zA-Z0-9\\s_. -@]|[\u00C0-\u017F])+$";
        static final public String VALIDATION_TEXT = "[a-zA-Z0-9\\ 
\"!@#$%^&amp;*()-_=+;:'&quot;|~`&lt;&gt;?/{}\\.\\,\\-\\?<>\\x00-\\x7F\\p{L}-]*";
@@ -126,23 +126,8 @@ public class StringUtil implements Serializable {
                        return false;
                }
                password = password.trim();
-               if (password.length() < MIN_PASSWORD_LENGTH) {
-                       return false;
-               }
-
-               boolean hasAlpha = false;
-               boolean hasNum = false;
-               for (int i = 0; i < password.length(); i++) {
-                       char ch = password.charAt(i);
-
-                       if (Character.isDigit(ch)) {
-                               hasNum = true;
-                       } else if (Character.isLetter(ch)) {
-                               hasAlpha = true;
-                       }
-               }
-
-               if (!hasAlpha || !hasNum) {
+               boolean checkPassword = password.matches(VALIDATION_CRED);
+               if (!checkPassword) {
                        return false;
                }
 
diff --git 
a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
 
b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
index 0cc4fe2..31cdff0 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
@@ -21,6 +21,7 @@ package org.apache.ranger.patch.cliutil;
 import org.apache.ranger.biz.UserMgr;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.StringUtil;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXPortalUser;
 import org.apache.ranger.patch.BaseLoader;
@@ -260,16 +261,13 @@ public class ChangePasswordUtil extends BaseLoader {
        private void validatePassword(String newPassword) {
                boolean checkPassword = false;
                if (newPassword != null) {
-                       String pattern = "(?=.*[0-9])(?=.*[a-zA-Z]).{8,}";
-                       checkPassword = newPassword.trim().matches(pattern);
+                       checkPassword = 
newPassword.trim().matches(StringUtil.VALIDATION_CRED);
                        if (!checkPassword) {
-                               logger.error(
-                                               "validatePassword(). Password 
should be minimum 8 characters with minimum one alphabet and one numeric.");
-                               System.out.println(
-                                               "validatePassword(). Password 
should be minimum 8 characters with minimum one alphabet and one numeric.");
+                               String msg = "Password should be minimum 8 
characters, at least one uppercase letter, one lowercase letter and one 
numeric.";
+                               logger.error(msg);
+                               System.out.println(msg);
                                throw 
restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword",
-                                               MessageEnums.INVALID_PASSWORD, 
null,
-                                               "Password should be minimum 8 
characters with minimum one alphabet and one numeric", null);
+                                               MessageEnums.INVALID_PASSWORD, 
null, msg, null);
                        }
                } else {
                        logger.error("validatePassword(). Password cannot be 
blank/null.");
diff --git 
a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 
b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index 57e9738..3b5ec02 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -2708,7 +2708,7 @@ public class TestXUserMgr {
                setup();
                VXUser vxUser = vxUser();
                vxUser.setPassword("password");
-               
Mockito.when(restErrorUtil.createRESTException("serverMsg.xuserMgrValidatePassword",
 MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters 
with min one alphabet and one numeric", null)).thenThrow(new 
WebApplicationException());
+               
Mockito.when(restErrorUtil.createRESTException("serverMsg.xuserMgrValidatePassword",
 MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters, 
at least one uppercase letter, one lowercase letter and one numeric", 
null)).thenThrow(new WebApplicationException());
                thrown.expect(WebApplicationException.class);
                xUserMgr.validatePassword(vxUser);
        }

Reply via email to