fix (passwords): added start of line boundary to password validation (#…

…28906) Fix: (#23292) ### Proposed Changes * Added start of input boundary (^) to password validation regex so all the password is validated against the regex ### Checklist - [x] Tests
dotCMS · Jun 18, 2024 · 2a9ba6b · 2a9ba6b
1 parent f1d15fb
commit 2a9ba6b
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 5 deletions.
diff --git a/dotCMS/src/main/resources/portal.properties b/dotCMS/src/main/resources/portal.properties
@@ -306,7 +306,7 @@
     #
 
     # This pattern ensures that passwords must have at least 6 characters and no white spaces.
-    passwords.regexptoolkit.pattern=/[!#%+1234567890:=?@ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]{8,}\\Z/
+    passwords.regexptoolkit.pattern=/^[!#%+1234567890:=?@ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]{8,}$/
 
     # This pattern ensures that passwords must have between 6 and 20 valid
     # characters:

diff --git a/dotcms-integration/src/test/java/com/liferay/portal/ejb/UserLocalManagerTest.java b/dotcms-integration/src/test/java/com/liferay/portal/ejb/UserLocalManagerTest.java
@@ -2,6 +2,9 @@
 
 import static org.junit.Assert.assertTrue;
 
+import com.dotcms.datagen.UserDataGen;
+import com.dotmarketing.business.Role;
+import com.liferay.portal.UserPasswordException;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
@@ -114,8 +117,69 @@ public void test_user_id_is_UUID() throws DotDataException, SystemException, Por
         assertTrue(UUIDUtil.isUUID(uuidPart));
 
     }
-
-
-
-
+
+    @Test
+    public void testValidPassword() throws Exception {
+
+        User testUser = null;
+        try {
+            final Role backendRole = APILocator.getRoleAPI().loadBackEndUserRole();
+            testUser = new UserDataGen().roles(backendRole).nextPersisted();
+            final String userId = testUser.getUserId();
+
+            final String testPassword = "p4ss!word";
+            UserLocalManager userManager = UserLocalManagerFactory.getManager();
+            userManager.validate(userId, testPassword, testPassword);
+
+        } finally {
+            if (null != testUser) {
+                UserDataGen.remove(testUser);
+            }
+        }
+
+    }
+
+    @Test(expected = UserPasswordException.class)
+    public void testInvalidCharacterInPassword() throws Exception {
+
+        User testUser = null;
+        try {
+            final Role backendRole = APILocator.getRoleAPI().loadBackEndUserRole();
+            testUser = new UserDataGen().roles(backendRole).nextPersisted();
+            final String userId = testUser.getUserId();
+
+            final String testPassword = "p4ss$word";
+            UserLocalManager userManager = UserLocalManagerFactory.getManager();
+            userManager.validate(userId, testPassword, testPassword);
+
+        } finally {
+            if (null != testUser) {
+                UserDataGen.remove(testUser);
+            }
+        }
+
+    }
+
+
+    @Test (expected = UserPasswordException.class)
+    public void testNotEnoughCharsInPassword() throws Exception {
+
+        User testUser = null;
+        try {
+            final Role backendRole = APILocator.getRoleAPI().loadBackEndUserRole();
+            testUser = new UserDataGen().roles(backendRole).nextPersisted();
+            final String userId = testUser.getUserId();
+
+            final String testPassword = "p4ss!";
+            UserLocalManager userManager = UserLocalManagerFactory.getManager();
+            userManager.validate(userId, testPassword, testPassword);
+
+        } finally {
+            if (null != testUser) {
+                UserDataGen.remove(testUser);
+            }
+        }
+
+    }
+
 }